commit 20a068d984f16d8f172900b978635bdcf7e8bc64 Author: CentOS Sources Date: Tue Apr 28 05:34:45 2020 -0400 import sssd-2.2.3-20.el8 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..eee5b09 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/sssd-2.2.3.tar.gz diff --git a/.sssd.metadata b/.sssd.metadata new file mode 100644 index 0000000..3fa9e18 --- /dev/null +++ b/.sssd.metadata @@ -0,0 +1 @@ +c2b457f85586750f5b22bfedd4cbca5b6f8fdb88 SOURCES/sssd-2.2.3.tar.gz diff --git a/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch b/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch new file mode 100644 index 0000000..124b9be --- /dev/null +++ b/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch @@ -0,0 +1,35 @@ +From b626651847e188e89a332b8ac4bfaaa5047e1b3d Mon Sep 17 00:00:00 2001 +From: Tomas Halman +Date: Tue, 10 Dec 2019 16:30:32 +0100 +Subject: [PATCH] INI: sssctl config-check command error messages +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case of parsing error sssctl config-check command does not give +proper error messages with line number. With this patch the error +message is printed again. + +Resolves: +https://pagure.io/SSSD/sssd/issue/4129 + +Reviewed-by: Michal Židek +--- + src/util/sss_ini.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c +index e3699805d..5d91602cd 100644 +--- a/src/util/sss_ini.c ++++ b/src/util/sss_ini.c +@@ -865,6 +865,7 @@ int sss_ini_read_sssd_conf(struct sss_ini *self, + + ret = sss_ini_parse(self); + if (ret != EOK) { ++ sss_ini_config_print_errors(self->error_list); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse configuration.\n"); + return ERR_INI_PARSE_FAILED; + } +-- +2.20.1 + diff --git a/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch b/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch new file mode 100644 index 0000000..1eee827 --- /dev/null +++ b/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch @@ -0,0 +1,42 @@ +From 21cb9fb28db1f2eb4ee770eb029bfe20233e4392 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 12 Dec 2019 13:10:16 +0100 +Subject: [PATCH] certmap: mention special regex characters in man page +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since some of the matching rules use regular expressions some characters +must be escaped so that they can be used a ordinary characters in the +rules. + +Related to https://pagure.io/SSSD/sssd/issue/4127 + +Reviewed-by: Michal Židek +--- + src/man/sss-certmap.5.xml | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/man/sss-certmap.5.xml b/src/man/sss-certmap.5.xml +index db258d14a..10343625e 100644 +--- a/src/man/sss-certmap.5.xml ++++ b/src/man/sss-certmap.5.xml +@@ -92,6 +92,15 @@ + + Example: <SUBJECT>.*,DC=MY,DC=DOMAIN + ++ ++ Please note that the characters "^.[$()|*+?{\" have a ++ special meaning in regular expressions and must be ++ escaped with the help of the '\' character so that they ++ are matched as ordinary characters. ++ ++ ++ Example: <SUBJECT>^CN=.* \(Admin\),DC=MY,DC=DOMAIN$ ++ + + + +-- +2.20.1 + diff --git a/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch b/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch new file mode 100644 index 0000000..c0d5c51 --- /dev/null +++ b/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch @@ -0,0 +1,98 @@ +From 580d61884b6c0a81357d8f9fa69fe69d1f017185 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 6 Dec 2019 12:29:49 +0100 +Subject: [PATCH] ldap_child: do not try PKINIT + +if the PKINIT plugin is installed and pkinit_identities is set in +/etc/krb5.conf libkrb5 will try to do PKINIT although ldap_child only +wants to authenticate with a keytab. As a result ldap_child might try to +access a Smartcard which is either not allowed at all or might cause +unexpected delays. + +To avoid this the current patch sets pkinit_identities for LDAP child +explicitly to make the PKINIT plugin fail because if installed libkrb5 +will always use it. + +It turned out the setting pre-authentication options requires some +internal flags to be set and krb5_get_init_creds_opt_alloc() must be +used to initialize the options struct. + +Related to https://pagure.io/SSSD/sssd/issue/4126 + +Reviewed-by: Alexey Tikhonov +--- + src/providers/ldap/ldap_child.c | 30 ++++++++++++++++++++++-------- + 1 file changed, 22 insertions(+), 8 deletions(-) + +diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c +index 408d64db4..b081df90f 100644 +--- a/src/providers/ldap/ldap_child.c ++++ b/src/providers/ldap/ldap_child.c +@@ -277,7 +277,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, + krb5_ccache ccache = NULL; + krb5_principal kprinc; + krb5_creds my_creds; +- krb5_get_init_creds_opt options; ++ krb5_get_init_creds_opt *options = NULL; + krb5_error_code krberr; + krb5_timestamp kdc_time_offset; + int canonicalize = 0; +@@ -392,19 +392,32 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, + } + + memset(&my_creds, 0, sizeof(my_creds)); +- memset(&options, 0, sizeof(options)); + +- krb5_get_init_creds_opt_set_address_list(&options, NULL); +- krb5_get_init_creds_opt_set_forwardable(&options, 0); +- krb5_get_init_creds_opt_set_proxiable(&options, 0); +- krb5_get_init_creds_opt_set_tkt_life(&options, lifetime); ++ krberr = krb5_get_init_creds_opt_alloc(context, &options); ++ if (krberr != 0) { ++ DEBUG(SSSDBG_OP_FAILURE, "krb5_get_init_creds_opt_alloc failed.\n"); ++ goto done; ++ } ++ ++ krb5_get_init_creds_opt_set_address_list(options, NULL); ++ krb5_get_init_creds_opt_set_forwardable(options, 0); ++ krb5_get_init_creds_opt_set_proxiable(options, 0); ++ krb5_get_init_creds_opt_set_tkt_life(options, lifetime); ++ krberr = krb5_get_init_creds_opt_set_pa(context, options, ++ "X509_user_identity", ""); ++ if (krberr != 0) { ++ DEBUG(SSSDBG_OP_FAILURE, ++ "krb5_get_init_creds_opt_set_pa failed [%d], ignored.\n", ++ krberr); ++ } ++ + + tmp_str = getenv("KRB5_CANONICALIZE"); + if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) { + DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n"); + canonicalize = 1; + } +- sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize); ++ sss_krb5_get_init_creds_opt_set_canonicalize(options, canonicalize); + + ccname_file = talloc_asprintf(tmp_ctx, "%s/ccache_%s", + DB_PATH, realm_name); +@@ -433,7 +446,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, + } + + krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, +- keytab, 0, NULL, &options); ++ keytab, 0, NULL, options); + if (krberr != 0) { + DEBUG(SSSDBG_OP_FAILURE, + "krb5_get_init_creds_keytab() failed: %d\n", krberr); +@@ -513,6 +526,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, + *expire_time_out = my_creds.times.endtime - kdc_time_offset; + + done: ++ krb5_get_init_creds_opt_free(context, options); + if (krberr != 0) { + if (*_krb5_msg == NULL) { + /* no custom error message provided hence get one from libkrb5 */ +-- +2.20.1 + diff --git a/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch b/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch new file mode 100644 index 0000000..55e38db --- /dev/null +++ b/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch @@ -0,0 +1,52 @@ +From 2c13d8bd00f1e8ff30e9fc81f183f6450303ac30 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Wed, 11 Dec 2019 18:42:49 +0100 +Subject: [PATCH] util/watchdog: fixed watchdog implementation + +In case watchdog detected locked process and this process was parent +process it just sent SIGTERM to the whole group of processes, including +itself. +This handling was wrong: generic `server_setup()` installs custom +libtevent handler for SIGTERM signal so this signal is only processed +in the context of tevent mainloop. But if tevent mainloop is stuck +(exactly the case that triggers WD) then event is not processed +and this made watchdog useless. +`watchdog_handler()` and `watchdog_detect_timeshift()` were amended to do +unconditional `_exit()` after optionally sending a signal to the group. + +Resolves: https://pagure.io/SSSD/sssd/issue/4089 + +Reviewed-by: Sumit Bose +--- + src/util/util_watchdog.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c +index a07275b19..38c248271 100644 +--- a/src/util/util_watchdog.c ++++ b/src/util/util_watchdog.c +@@ -54,9 +54,8 @@ static void watchdog_detect_timeshift(void) + if (write(watchdog_ctx.pipefd[1], "1", 1) != 1) { + if (getpid() == getpgrp()) { + kill(-getpgrp(), SIGTERM); +- } else { +- _exit(1); + } ++ _exit(1); + } + } + } +@@ -75,9 +74,8 @@ static void watchdog_handler(int sig) + if (__sync_add_and_fetch(&watchdog_ctx.ticks, 1) > WATCHDOG_MAX_TICKS) { + if (getpid() == getpgrp()) { + kill(-getpgrp(), SIGTERM); +- } else { +- _exit(1); + } ++ _exit(1); + } + } + +-- +2.20.1 + diff --git a/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch b/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch new file mode 100644 index 0000000..3f7e620 --- /dev/null +++ b/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch @@ -0,0 +1,56 @@ +From 1d4a7ffdcf8b303a40058db49d5e1be4bfb8271a Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 9 Dec 2019 17:20:28 +0100 +Subject: [PATCH 5/7] providers/krb5: got rid of unused code +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reviewed-by: Michal Židek +--- + src/providers/krb5/krb5_common.c | 10 ---------- + src/providers/krb5/krb5_common.h | 7 ------- + 2 files changed, 17 deletions(-) + +diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c +index bfda561c1..5c11c347b 100644 +--- a/src/providers/krb5/krb5_common.c ++++ b/src/providers/krb5/krb5_common.c +@@ -1133,16 +1133,6 @@ void remove_krb5_info_files_callback(void *pvt) + talloc_free(ctx); + } + +-void krb5_finalize(struct tevent_context *ev, +- struct tevent_signal *se, +- int signum, +- int count, +- void *siginfo, +- void *private_data) +-{ +- orderly_shutdown(0); +-} +- + errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, + struct sss_domain_info *dom, const char *username, + const char *user_dom, char **_upn) +diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h +index cc9313115..493d12e5f 100644 +--- a/src/providers/krb5/krb5_common.h ++++ b/src/providers/krb5/krb5_common.h +@@ -196,13 +196,6 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, + + void remove_krb5_info_files_callback(void *pvt); + +-void krb5_finalize(struct tevent_context *ev, +- struct tevent_signal *se, +- int signum, +- int count, +- void *siginfo, +- void *private_data); +- + errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm); + + errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, +-- +2.20.1 + diff --git a/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch b/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch new file mode 100644 index 0000000..a8205b7 --- /dev/null +++ b/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch @@ -0,0 +1,84 @@ +From e41e9b37e4d3fcd8544fb6c591dafbaef0954438 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 9 Dec 2019 17:48:14 +0100 +Subject: [PATCH 6/7] data_provider_be: got rid of duplicating SIGTERM handler +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It was wrong to install two libtevent SIGTERM handlers both of which did +orderly_shutdown()->exit(). Naturally only one of the handlers was executed +(as process was terminated with exit()) and libtevent docs doesn't say +anything about order of execution. But chances are, be_process_finalize() +was executed first so default_quit() was not executed and main_ctx was not +freed. + +Moreover there is just no reason to have separate be_process_finalize() +at all: default server handler default_quit() frees main_ctx. And be_ctx +is linked to main_ctx so will be freed by default handler as well. + +Resolves: https://pagure.io/SSSD/sssd/issue/4088 + +Reviewed-by: Michal Židek +--- + src/providers/data_provider_be.c | 37 -------------------------------- + 1 file changed, 37 deletions(-) + +diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c +index cfcf0268d..ce00231ff 100644 +--- a/src/providers/data_provider_be.c ++++ b/src/providers/data_provider_be.c +@@ -445,36 +445,6 @@ be_register_monitor_iface(struct sbus_connection *conn, struct be_ctx *be_ctx) + return sbus_connection_add_path_map(be_ctx->mon_conn, paths); + } + +-static void be_process_finalize(struct tevent_context *ev, +- struct tevent_signal *se, +- int signum, +- int count, +- void *siginfo, +- void *private_data) +-{ +- struct be_ctx *be_ctx; +- +- be_ctx = talloc_get_type(private_data, struct be_ctx); +- talloc_free(be_ctx); +- orderly_shutdown(0); +-} +- +-static errno_t be_process_install_sigterm_handler(struct be_ctx *be_ctx) +-{ +- struct tevent_signal *sige; +- +- BlockSignals(false, SIGTERM); +- +- sige = tevent_add_signal(be_ctx->ev, be_ctx, SIGTERM, SA_SIGINFO, +- be_process_finalize, be_ctx); +- if (sige == NULL) { +- DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); +- return ENOMEM; +- } +- +- return EOK; +-} +- + static void dp_initialized(struct tevent_req *req); + + errno_t be_process_init(TALLOC_CTX *mem_ctx, +@@ -566,13 +536,6 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx, + goto done; + } + +- /* Install signal handler */ +- ret = be_process_install_sigterm_handler(be_ctx); +- if (ret != EOK) { +- DEBUG(SSSDBG_CRIT_FAILURE, "be_install_sigterm_handler failed.\n"); +- goto done; +- } +- + req = dp_init_send(be_ctx, be_ctx->ev, be_ctx, be_ctx->uid, be_ctx->gid); + if (req == NULL) { + ret = ENOMEM; +-- +2.20.1 + diff --git a/SOURCES/0007-util-server-improved-debug-at-shutdown.patch b/SOURCES/0007-util-server-improved-debug-at-shutdown.patch new file mode 100644 index 0000000..727d7cc --- /dev/null +++ b/SOURCES/0007-util-server-improved-debug-at-shutdown.patch @@ -0,0 +1,32 @@ +From 3f52de891cba55230730602d41c3811cf1b17d96 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 9 Dec 2019 18:26:56 +0100 +Subject: [PATCH 7/7] util/server: improved debug at shutdown +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Relates: https://pagure.io/SSSD/sssd/issue/4088 + +Reviewed-by: Michal Židek +--- + src/util/server.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/util/server.c b/src/util/server.c +index ee57ac128..33524066e 100644 +--- a/src/util/server.c ++++ b/src/util/server.c +@@ -242,7 +242,8 @@ void orderly_shutdown(int status) + kill(-getpgrp(), SIGTERM); + } + #endif +- if (status == 0) sss_log(SSS_LOG_INFO, "Shutting down"); ++ DEBUG(SSSDBG_IMPORTANT_INFO, "Shutting down (status = %d)", status); ++ sss_log(SSS_LOG_INFO, "Shutting down (status = %d)", status); + exit(status); + } + +-- +2.20.1 + diff --git a/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch b/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch new file mode 100644 index 0000000..4370350 --- /dev/null +++ b/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch @@ -0,0 +1,52 @@ +From 26e33b1984cce3549df170f58f8221201ad54cfd Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Tue, 7 Jan 2020 16:29:05 +0100 +Subject: [PATCH] util/sss_ptr_hash: fixed double free in + sss_ptr_hash_delete_cb() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Calling data->callback(value->ptr) in sss_ptr_hash_delete_cb() could lead +to freeing of value->ptr and thus to destruction of value->spy that is +attached to value->ptr. +In turn sss_ptr_hash_spy_destructor() calls sss_ptr_hash_delete() -> +hash_delete() -> sss_ptr_hash_delete_cb() again and in this recursive +execution hash entry was actually deleted and value was freed. +When stack was unwound back to "first" sss_ptr_hash_delete_cb() it tried +to free value again => double free. + +To prevent this bug value and hence spy are now freed before execution of +data->callback(value->ptr). + +Resolves: https://pagure.io/SSSD/sssd/issue/4135 + +Reviewed-by: Pavel Březina +--- + src/util/sss_ptr_hash.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index c7403ffa6..8f9762cb9 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -154,13 +154,13 @@ sss_ptr_hash_delete_cb(hash_entry_t *item, + callback_entry.value.type = HASH_VALUE_PTR; + callback_entry.value.ptr = value->ptr; + ++ /* Free value, this also will disable spy */ ++ talloc_free(value); ++ + /* Switch to the input value and call custom callback. */ + if (data->callback != NULL) { + data->callback(&callback_entry, deltype, data->pvt); + } +- +- /* Free value. */ +- talloc_free(value); + } + + hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, +-- +2.20.1 + diff --git a/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch b/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch new file mode 100644 index 0000000..212ff00 --- /dev/null +++ b/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch @@ -0,0 +1,195 @@ +From bd201746f8cf0e95615b3e98868555451b5e66b8 Mon Sep 17 00:00:00 2001 +From: Tomas Halman +Date: Mon, 2 Dec 2019 11:11:52 +0100 +Subject: [PATCH] sdap: Add randomness to ldap connection timeout + +In case of mass deployment, mass registration of IPA clients roughly on +the same time leads to regular CPU load spikes on IPA servers, the load +spikes are caused by all/most clients refreshing their LDAP connections +(ldap_connection_expire_timeout) every 15 minutes. + +This patch introduces new random value (from 0 up to +ldap_connection_expire_offset) that is added to the timeout. + +Resolves: +https://pagure.io/SSSD/sssd/issue/3630 + +Reviewed-by: Alexey Tikhonov +--- + src/config/cfg_rules.ini | 1 + + src/config/etc/sssd.api.d/sssd-ad.conf | 1 + + src/config/etc/sssd.api.d/sssd-ipa.conf | 1 + + src/config/etc/sssd.api.d/sssd-ldap.conf | 1 + + src/man/sssd-ldap.5.xml | 19 +++++++++++++++++++ + src/providers/ad/ad_opts.c | 1 + + src/providers/ipa/ipa_opts.c | 1 + + src/providers/ldap/ldap_opts.c | 1 + + src/providers/ldap/sdap.h | 1 + + src/providers/ldap/sdap_async_connection.c | 12 ++++++++++++ + 10 files changed, 39 insertions(+) + +diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini +index 8c73c89ac..c56d5a668 100644 +--- a/src/config/cfg_rules.ini ++++ b/src/config/cfg_rules.ini +@@ -600,6 +600,7 @@ option = ldap_chpass_dns_service_name + option = ldap_chpass_update_last_change + option = ldap_chpass_uri + option = ldap_connection_expire_timeout ++option = ldap_connection_expire_offset + option = ldap_default_authtok + option = ldap_default_authtok_type + option = ldap_default_bind_dn +diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf +index 80e329b3b..aaa0b2345 100644 +--- a/src/config/etc/sssd.api.d/sssd-ad.conf ++++ b/src/config/etc/sssd.api.d/sssd-ad.conf +@@ -58,6 +58,7 @@ ldap_deref = str, None, false + ldap_page_size = int, None, false + ldap_deref_threshold = int, None, false + ldap_connection_expire_timeout = int, None, false ++ldap_connection_expire_offset = int, None, false + ldap_disable_paging = bool, None, false + krb5_confd_path = str, None, false + wildcard_limit = int, None, false +diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf +index e2d46db75..7ed153d36 100644 +--- a/src/config/etc/sssd.api.d/sssd-ipa.conf ++++ b/src/config/etc/sssd.api.d/sssd-ipa.conf +@@ -52,6 +52,7 @@ ldap_deref = str, None, false + ldap_page_size = int, None, false + ldap_deref_threshold = int, None, false + ldap_connection_expire_timeout = int, None, false ++ldap_connection_expire_offset = int, None, false + ldap_disable_paging = bool, None, false + krb5_confd_path = str, None, false + wildcard_limit = int, None, false +diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf +index 01c1d7f12..4f73e901e 100644 +--- a/src/config/etc/sssd.api.d/sssd-ldap.conf ++++ b/src/config/etc/sssd.api.d/sssd-ldap.conf +@@ -36,6 +36,7 @@ ldap_deref_threshold = int, None, false + ldap_sasl_canonicalize = bool, None, false + ldap_sasl_minssf = int, None, false + ldap_connection_expire_timeout = int, None, false ++ldap_connection_expire_offset = int, None, false + ldap_disable_paging = bool, None, false + ldap_disable_range_retrieval = bool, None, false + wildcard_limit = int, None, false +diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml +index 6d1ae23ec..f8bb973c7 100644 +--- a/src/man/sssd-ldap.5.xml ++++ b/src/man/sssd-ldap.5.xml +@@ -509,12 +509,31 @@ + the two values (this value vs. the TGT lifetime) + will be used. + ++ ++ This timeout can be extended of a random ++ value specified by ++ ldap_connection_expire_offset ++ + + Default: 900 (15 minutes) + + + + ++ ++ ldap_connection_expire_offset (integer) ++ ++ ++ Random offset between 0 and configured value ++ is added to ++ ldap_connection_expire_timeout. ++ ++ ++ Default: 0 ++ ++ ++ ++ + + ldap_page_size (integer) + +diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c +index cd568e466..1293219ee 100644 +--- a/src/providers/ad/ad_opts.c ++++ b/src/providers/ad/ad_opts.c +@@ -137,6 +137,7 @@ struct dp_option ad_def_ldap_opts[] = { + { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER }, + { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, ++ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, + { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER }, + { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER }, +diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c +index 7974cb8ea..4fafa073d 100644 +--- a/src/providers/ipa/ipa_opts.c ++++ b/src/providers/ipa/ipa_opts.c +@@ -147,6 +147,7 @@ struct dp_option ipa_def_ldap_opts[] = { + { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER }, + { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, ++ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, + { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER }, + { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER }, +diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c +index a20ec0d86..ffd0c6baa 100644 +--- a/src/providers/ldap/ldap_opts.c ++++ b/src/providers/ldap/ldap_opts.c +@@ -107,6 +107,7 @@ struct dp_option default_basic_opts[] = { + { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER }, + { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, ++ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, + { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER }, + { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER }, +diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h +index d0a19a660..f27b3c480 100644 +--- a/src/providers/ldap/sdap.h ++++ b/src/providers/ldap/sdap.h +@@ -221,6 +221,7 @@ enum sdap_basic_opt { + SDAP_DEREF_THRESHOLD, + SDAP_SASL_CANONICALIZE, + SDAP_EXPIRE_TIMEOUT, ++ SDAP_EXPIRE_OFFSET, + SDAP_DISABLE_PAGING, + SDAP_IDMAP_LOWER, + SDAP_IDMAP_UPPER, +diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c +index 0260cba6f..7438d14a7 100644 +--- a/src/providers/ldap/sdap_async_connection.c ++++ b/src/providers/ldap/sdap_async_connection.c +@@ -1803,6 +1803,8 @@ static void sdap_cli_auth_step(struct tevent_req *req) + struct tevent_req *subreq; + time_t now; + int expire_timeout; ++ int expire_offset; ++ + const char *sasl_mech = dp_opt_get_string(state->opts->basic, + SDAP_SASL_MECH); + const char *user_dn = dp_opt_get_string(state->opts->basic, +@@ -1832,6 +1834,16 @@ static void sdap_cli_auth_step(struct tevent_req *req) + */ + now = time(NULL); + expire_timeout = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_TIMEOUT); ++ expire_offset = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_OFFSET); ++ if (expire_offset > 0) { ++ expire_timeout += sss_rand() % (expire_offset + 1); ++ } else if (expire_offset < 0) { ++ DEBUG(SSSDBG_MINOR_FAILURE, ++ "Negative value [%d] of ldap_connection_expire_offset " ++ "is not allowed.\n", ++ expire_offset); ++ } ++ + DEBUG(SSSDBG_CONF_SETTINGS, "expire timeout is %d\n", expire_timeout); + if (!state->sh->expire_time + || (state->sh->expire_time > (now + expire_timeout))) { +-- +2.20.1 + diff --git a/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch b/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch new file mode 100644 index 0000000..6cf80bd --- /dev/null +++ b/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch @@ -0,0 +1,55 @@ +From 9beb736aac6aa21433a4541fb56e4fa7d7dbc462 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 26 Sep 2019 20:24:34 +0200 +Subject: [PATCH 10/13] ad: allow booleans for ad_inherit_opts_if_needed() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Currently ad_inherit_opts_if_needed() can only handle strings. With this +patch it can handle boolean options as well. + +Related to https://pagure.io/SSSD/sssd/issue/4131 + +Reviewed-by: Pavel Březina +--- + src/providers/ad/ad_common.c | 23 ++++++++++++++++++++--- + 1 file changed, 20 insertions(+), 3 deletions(-) + +diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c +index 5540066d4..600e3ceb2 100644 +--- a/src/providers/ad/ad_common.c ++++ b/src/providers/ad/ad_common.c +@@ -1479,9 +1479,26 @@ errno_t ad_inherit_opts_if_needed(struct dp_option *parent_opts, + const char *parent_val = NULL; + char *dummy = NULL; + char *option_list[2] = { NULL, NULL }; +- +- parent_val = dp_opt_get_cstring(parent_opts, opt_id); +- if (parent_val != NULL) { ++ bool is_default = true; ++ ++ switch (parent_opts[opt_id].type) { ++ case DP_OPT_STRING: ++ parent_val = dp_opt_get_cstring(parent_opts, opt_id); ++ break; ++ case DP_OPT_BOOL: ++ /* For booleans it is hard to say if the option is set or not since ++ * both possible values are valid ones. So we check if the value is ++ * different from the default and skip if it is the default. In this ++ * case the sub-domain option would either be the default as well or ++ * manully set and in both cases we do not have to change it. */ ++ is_default = (parent_opts[opt_id].val.boolean ++ == parent_opts[opt_id].def_val.boolean); ++ break; ++ default: ++ DEBUG(SSSDBG_TRACE_FUNC, "Unsupported type, skipping.\n"); ++ } ++ ++ if (parent_val != NULL || !is_default) { + ret = confdb_get_string(cdb, NULL, subdom_conf_path, + parent_opts[opt_id].opt_name, NULL, &dummy); + if (ret != EOK) { +-- +2.20.1 + diff --git a/SOURCES/0011-ad-add-ad_use_ldaps.patch b/SOURCES/0011-ad-add-ad_use_ldaps.patch new file mode 100644 index 0000000..4b23943 --- /dev/null +++ b/SOURCES/0011-ad-add-ad_use_ldaps.patch @@ -0,0 +1,438 @@ +From da0be382d95f0bdbc6ad5ccb68503456c2ee858b Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 26 Sep 2019 20:27:09 +0200 +Subject: [PATCH 11/13] ad: add ad_use_ldaps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With this new boolean option the AD provider should only use the LDAPS +port 636 and the Global Catalog port 3629 which is TLS protected as +well. + +Related to https://pagure.io/SSSD/sssd/issue/4131 + +Reviewed-by: Pavel Březina +--- + src/config/SSSDConfig/__init__.py.in | 1 + + src/config/cfg_rules.ini | 1 + + src/config/etc/sssd.api.d/sssd-ad.conf | 1 + + src/man/sssd-ad.5.xml | 20 +++++++++++++++++++ + src/providers/ad/ad_common.c | 24 +++++++++++++++++++---- + src/providers/ad/ad_common.h | 8 +++++++- + src/providers/ad/ad_init.c | 8 +++++++- + src/providers/ad/ad_opts.c | 1 + + src/providers/ad/ad_srv.c | 16 ++++++++++++--- + src/providers/ad/ad_srv.h | 3 ++- + src/providers/ad/ad_subdomains.c | 21 ++++++++++++++++++-- + src/providers/ipa/ipa_subdomains_server.c | 4 ++-- + 12 files changed, 94 insertions(+), 14 deletions(-) + +diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in +index eba89b461..84631862a 100644 +--- a/src/config/SSSDConfig/__init__.py.in ++++ b/src/config/SSSDConfig/__init__.py.in +@@ -252,6 +252,7 @@ option_strings = { + 'ad_site' : _('a particular site to be used by the client'), + 'ad_maximum_machine_account_password_age' : _('Maximum age in days before the machine account password should be renewed'), + 'ad_machine_account_password_renewal_opts' : _('Option for tuning the machine account renewal task'), ++ 'ad_use_ldaps' : _('Use LDAPS port for LDAP and Global Catalog requests'), + + # [provider/krb5] + 'krb5_kdcip' : _('Kerberos server address'), +diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini +index c56d5a668..1034a1fd6 100644 +--- a/src/config/cfg_rules.ini ++++ b/src/config/cfg_rules.ini +@@ -464,6 +464,7 @@ option = ad_machine_account_password_renewal_opts + option = ad_maximum_machine_account_password_age + option = ad_server + option = ad_site ++option = ad_use_ldaps + + # IPA provider specific options + option = ipa_anchor_uuid +diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf +index aaa0b2345..a2af72603 100644 +--- a/src/config/etc/sssd.api.d/sssd-ad.conf ++++ b/src/config/etc/sssd.api.d/sssd-ad.conf +@@ -20,6 +20,7 @@ ad_gpo_default_right = str, None, false + ad_site = str, None, false + ad_maximum_machine_account_password_age = int, None, false + ad_machine_account_password_renewal_opts = str, None, false ++ad_use_ldaps = bool, None, false + ldap_uri = str, None, false + ldap_backup_uri = str, None, false + ldap_search_base = str, None, false +diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml +index fdcb4e4b9..ade56cd6d 100644 +--- a/src/man/sssd-ad.5.xml ++++ b/src/man/sssd-ad.5.xml +@@ -1015,6 +1015,26 @@ ad_gpo_map_deny = +my_pam_service + + + ++ ++ ad_use_ldaps (bool) ++ ++ ++ By default SSSD uses the plain LDAP port 389 and the ++ Global Catalog port 3628. If this option is set to ++ True SSSD will use the LDAPS port 636 and Global ++ Catalog port 3629 with LDAPS protection. Since AD ++ does not allow to have multiple encryption layers on ++ a single connection and we still want to use ++ SASL/GSSAPI or SASL/GSS-SPNEGO for authentication ++ the SASL security property maxssf is set to 0 (zero) ++ for those connections. ++ ++ ++ Default: False ++ ++ ++ ++ + + dyndns_update (boolean) + +diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c +index 600e3ceb2..a2369166a 100644 +--- a/src/providers/ad/ad_common.c ++++ b/src/providers/ad/ad_common.c +@@ -729,6 +729,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, + const char *ad_gc_service, + const char *ad_domain, + bool use_kdcinfo, ++ bool ad_use_ldaps, + size_t n_lookahead_primary, + size_t n_lookahead_backup, + struct ad_service **_service) +@@ -746,6 +747,16 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, + goto done; + } + ++ if (ad_use_ldaps) { ++ service->ldap_scheme = "ldaps"; ++ service->port = LDAPS_PORT; ++ service->gc_port = AD_GC_LDAPS_PORT; ++ } else { ++ service->ldap_scheme = "ldap"; ++ service->port = LDAP_PORT; ++ service->gc_port = AD_GC_PORT; ++ } ++ + service->sdap = talloc_zero(service, struct sdap_service); + service->gc = talloc_zero(service, struct sdap_service); + if (!service->sdap || !service->gc) { +@@ -927,7 +938,8 @@ ad_resolve_callback(void *private_data, struct fo_server *server) + goto done; + } + +- new_uri = talloc_asprintf(service->sdap, "ldap://%s", srv_name); ++ new_uri = talloc_asprintf(service->sdap, "%s://%s", service->ldap_scheme, ++ srv_name); + if (!new_uri) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy URI\n"); + ret = ENOMEM; +@@ -935,7 +947,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server) + } + DEBUG(SSSDBG_CONF_SETTINGS, "Constructed uri '%s'\n", new_uri); + +- sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT); ++ sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, service->port); + if (sockaddr == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n"); + ret = EIO; +@@ -951,8 +963,12 @@ ad_resolve_callback(void *private_data, struct fo_server *server) + talloc_zfree(service->gc->uri); + talloc_zfree(service->gc->sockaddr); + if (sdata && sdata->gc) { +- new_port = fo_get_server_port(server); +- new_port = (new_port == 0) ? AD_GC_PORT : new_port; ++ if (service->gc_port == AD_GC_LDAPS_PORT) { ++ new_port = service->gc_port; ++ } else { ++ new_port = fo_get_server_port(server); ++ new_port = (new_port == 0) ? service->gc_port : new_port; ++ } + + service->gc->uri = talloc_asprintf(service->gc, "%s:%d", + new_uri, new_port); +diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h +index 75f11de2e..820e06124 100644 +--- a/src/providers/ad/ad_common.h ++++ b/src/providers/ad/ad_common.h +@@ -29,7 +29,8 @@ + #define AD_SERVICE_NAME "AD" + #define AD_GC_SERVICE_NAME "AD_GC" + /* The port the Global Catalog runs on */ +-#define AD_GC_PORT 3268 ++#define AD_GC_PORT 3268 ++#define AD_GC_LDAPS_PORT 3269 + + #define AD_AT_OBJECT_SID "objectSID" + #define AD_AT_DNS_DOMAIN "DnsDomain" +@@ -67,6 +68,7 @@ enum ad_basic_opt { + AD_KRB5_CONFD_PATH, + AD_MAXIMUM_MACHINE_ACCOUNT_PASSWORD_AGE, + AD_MACHINE_ACCOUNT_PASSWORD_RENEWAL_OPTS, ++ AD_USE_LDAPS, + + AD_OPTS_BASIC /* opts counter */ + }; +@@ -82,6 +84,9 @@ struct ad_service { + struct sdap_service *sdap; + struct sdap_service *gc; + struct krb5_service *krb5_service; ++ const char *ldap_scheme; ++ int port; ++ int gc_port; + }; + + struct ad_options { +@@ -147,6 +152,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, + const char *ad_gc_service, + const char *ad_domain, + bool use_kdcinfo, ++ bool ad_use_ldaps, + size_t n_lookahead_primary, + size_t n_lookahead_backup, + struct ad_service **_service); +diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c +index 290d5b5c1..2b4b9e2e7 100644 +--- a/src/providers/ad/ad_init.c ++++ b/src/providers/ad/ad_init.c +@@ -138,6 +138,7 @@ static errno_t ad_init_options(TALLOC_CTX *mem_ctx, + char *ad_servers = NULL; + char *ad_backup_servers = NULL; + char *ad_realm; ++ bool ad_use_ldaps = false; + errno_t ret; + + ad_sasl_initialize(); +@@ -154,12 +155,14 @@ static errno_t ad_init_options(TALLOC_CTX *mem_ctx, + ad_servers = dp_opt_get_string(ad_options->basic, AD_SERVER); + ad_backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER); + ad_realm = dp_opt_get_string(ad_options->basic, AD_KRB5_REALM); ++ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS); + + /* Set up the failover service */ + ret = ad_failover_init(ad_options, be_ctx, ad_servers, ad_backup_servers, + ad_realm, AD_SERVICE_NAME, AD_GC_SERVICE_NAME, + dp_opt_get_string(ad_options->basic, AD_DOMAIN), + false, /* will be set in ad_get_auth_options() */ ++ ad_use_ldaps, + (size_t) -1, + (size_t) -1, + &ad_options->service); +@@ -184,11 +187,13 @@ static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx, + const char *ad_site_override; + bool sites_enabled; + errno_t ret; ++ bool ad_use_ldaps; + + hostname = dp_opt_get_string(ad_options->basic, AD_HOSTNAME); + ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN); + ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE); + sites_enabled = dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES); ++ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS); + + + if (!sites_enabled) { +@@ -205,7 +210,8 @@ static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx, + srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx, be_ctx->be_res, + default_host_dbs, ad_options->id, + hostname, ad_domain, +- ad_site_override); ++ ad_site_override, ++ ad_use_ldaps); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n"); + return ENOMEM; +diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c +index 1293219ee..30f9b62fd 100644 +--- a/src/providers/ad/ad_opts.c ++++ b/src/providers/ad/ad_opts.c +@@ -54,6 +54,7 @@ struct dp_option ad_basic_opts[] = { + { "krb5_confd_path", DP_OPT_STRING, { KRB5_MAPPING_DIR }, NULL_STRING }, + { "ad_maximum_machine_account_password_age", DP_OPT_NUMBER, { .number = 30 }, NULL_NUMBER }, + { "ad_machine_account_password_renewal_opts", DP_OPT_STRING, { "86400:750" }, NULL_STRING }, ++ { "ad_use_ldaps", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + DP_OPTION_TERMINATOR + }; + +diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c +index 5fd25f60e..ca15d3715 100644 +--- a/src/providers/ad/ad_srv.c ++++ b/src/providers/ad/ad_srv.c +@@ -244,6 +244,7 @@ struct ad_get_client_site_state { + enum host_database *host_db; + struct sdap_options *opts; + const char *ad_domain; ++ bool ad_use_ldaps; + struct fo_server_info *dcs; + size_t num_dcs; + size_t dc_index; +@@ -264,6 +265,7 @@ struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx, + enum host_database *host_db, + struct sdap_options *opts, + const char *ad_domain, ++ bool ad_use_ldaps, + struct fo_server_info *dcs, + size_t num_dcs) + { +@@ -288,6 +290,7 @@ struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx, + state->host_db = host_db; + state->opts = opts; + state->ad_domain = ad_domain; ++ state->ad_use_ldaps = ad_use_ldaps; + state->dcs = dcs; + state->num_dcs = num_dcs; + +@@ -331,8 +334,11 @@ static errno_t ad_get_client_site_next_dc(struct tevent_req *req) + subreq = sdap_connect_host_send(state, state->ev, state->opts, + state->be_res->resolv, + state->be_res->family_order, +- state->host_db, "ldap", state->dc.host, +- state->dc.port, false); ++ state->host_db, ++ state->ad_use_ldaps ? "ldaps" : "ldap", ++ state->dc.host, ++ state->ad_use_ldaps ? 636 : state->dc.port, ++ false); + if (subreq == NULL) { + ret = ENOMEM; + goto done; +@@ -491,6 +497,7 @@ struct ad_srv_plugin_ctx { + const char *ad_domain; + const char *ad_site_override; + const char *current_site; ++ bool ad_use_ldaps; + }; + + struct ad_srv_plugin_ctx * +@@ -501,7 +508,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, + struct sdap_options *opts, + const char *hostname, + const char *ad_domain, +- const char *ad_site_override) ++ const char *ad_site_override, ++ bool ad_use_ldaps) + { + struct ad_srv_plugin_ctx *ctx = NULL; + errno_t ret; +@@ -515,6 +523,7 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, + ctx->be_res = be_res; + ctx->host_dbs = host_dbs; + ctx->opts = opts; ++ ctx->ad_use_ldaps = ad_use_ldaps; + + ctx->hostname = talloc_strdup(ctx, hostname); + if (ctx->hostname == NULL) { +@@ -714,6 +723,7 @@ static void ad_srv_plugin_dcs_done(struct tevent_req *subreq) + state->ctx->host_dbs, + state->ctx->opts, + state->discovery_domain, ++ state->ctx->ad_use_ldaps, + dcs, num_dcs); + if (subreq == NULL) { + ret = ENOMEM; +diff --git a/src/providers/ad/ad_srv.h b/src/providers/ad/ad_srv.h +index e553d594d..8e410ec26 100644 +--- a/src/providers/ad/ad_srv.h ++++ b/src/providers/ad/ad_srv.h +@@ -31,7 +31,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, + struct sdap_options *opts, + const char *hostname, + const char *ad_domain, +- const char *ad_site_override); ++ const char *ad_site_override, ++ bool ad_use_ldaps); + + struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, +diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c +index 2ce34489f..d8c201437 100644 +--- a/src/providers/ad/ad_subdomains.c ++++ b/src/providers/ad/ad_subdomains.c +@@ -282,6 +282,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + bool use_kdcinfo = false; + size_t n_lookahead_primary = SSS_KRB5_LOOKAHEAD_PRIMARY_DEFAULT; + size_t n_lookahead_backup = SSS_KRB5_LOOKAHEAD_BACKUP_DEFAULT; ++ bool ad_use_ldaps = false; + + realm = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_KRB5_REALM); + hostname = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_HOSTNAME); +@@ -312,6 +313,21 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + return ENOMEM; + } + ++ ret = ad_inherit_opts_if_needed(id_ctx->ad_options->basic, ++ ad_options->basic, ++ be_ctx->cdb, subdom_conf_path, ++ AD_USE_LDAPS); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Failed to inherit option [%s] to sub-domain [%s]. " ++ "This error is ignored but might cause issues or unexpected " ++ "behavior later on.\n", ++ id_ctx->ad_options->basic[AD_USE_LDAPS].opt_name, ++ subdom->name); ++ ++ return ret; ++ } ++ + ret = ad_inherit_opts_if_needed(id_ctx->sdap_id_ctx->opts->basic, + ad_options->id->basic, + be_ctx->cdb, subdom_conf_path, +@@ -344,6 +360,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + + servers = dp_opt_get_string(ad_options->basic, AD_SERVER); + backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER); ++ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS); + + if (id_ctx->ad_options->auth_ctx != NULL + && id_ctx->ad_options->auth_ctx->opts != NULL) { +@@ -362,7 +379,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + + ret = ad_failover_init(ad_options, be_ctx, servers, backup_servers, + subdom->realm, service_name, gc_service_name, +- subdom->name, use_kdcinfo, ++ subdom->name, use_kdcinfo, ad_use_ldaps, + n_lookahead_primary, + n_lookahead_backup, + &ad_options->service); +@@ -386,7 +403,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + ad_id_ctx->ad_options->id, + hostname, + ad_domain, +- ad_site_override); ++ ad_site_override, ad_use_ldaps); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n"); + return ENOMEM; +diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c +index fd998877b..9aebf72a5 100644 +--- a/src/providers/ipa/ipa_subdomains_server.c ++++ b/src/providers/ipa/ipa_subdomains_server.c +@@ -319,7 +319,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx, + ret = ad_failover_init(ad_options, be_ctx, ad_servers, ad_backup_servers, + subdom->realm, + service_name, gc_service_name, +- subdom->name, use_kdcinfo, ++ subdom->name, use_kdcinfo, false, + n_lookahead_primary, n_lookahead_backup, + &ad_options->service); + if (ret != EOK) { +@@ -344,7 +344,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx, + ad_id_ctx->ad_options->id, + id_ctx->server_mode->hostname, + ad_domain, +- ad_site_override); ++ ad_site_override, false); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n"); + return ENOMEM; +-- +2.20.1 + diff --git a/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch b/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch new file mode 100644 index 0000000..311e5ea --- /dev/null +++ b/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch @@ -0,0 +1,199 @@ +From 4c855d55944087cb2317c681f1dc78953ec95c4e Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 27 Sep 2019 11:49:59 +0200 +Subject: [PATCH 12/13] ldap: add new option ldap_sasl_maxssf +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There is already the ldap_sasl_minssf option. To be able to control the +maximal security strength factor (ssf) e.g. when using SASL together +with TLS the option ldap_sasl_maxssf is added as well. + +Related to https://pagure.io/SSSD/sssd/issue/4131 + +Reviewed-by: Pavel Březina +--- + src/config/SSSDConfig/__init__.py.in | 1 + + src/config/cfg_rules.ini | 1 + + src/config/etc/sssd.api.d/sssd-ad.conf | 1 + + src/config/etc/sssd.api.d/sssd-ipa.conf | 1 + + src/config/etc/sssd.api.d/sssd-ldap.conf | 1 + + src/man/sssd-ldap.5.xml | 16 ++++++++++++++++ + src/providers/ad/ad_opts.c | 1 + + src/providers/ipa/ipa_opts.c | 1 + + src/providers/ldap/ldap_opts.c | 1 + + src/providers/ldap/sdap.h | 1 + + src/providers/ldap/sdap_async_connection.c | 14 ++++++++++++++ + 11 files changed, 39 insertions(+) + +diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in +index 84631862a..a1b088bc4 100644 +--- a/src/config/SSSDConfig/__init__.py.in ++++ b/src/config/SSSDConfig/__init__.py.in +@@ -305,6 +305,7 @@ option_strings = { + 'ldap_sasl_authid' : _('Specify the sasl authorization id to use'), + 'ldap_sasl_realm' : _('Specify the sasl authorization realm to use'), + 'ldap_sasl_minssf' : _('Specify the minimal SSF for LDAP sasl authorization'), ++ 'ldap_sasl_maxssf' : _('Specify the maximal SSF for LDAP sasl authorization'), + 'ldap_krb5_keytab' : _('Kerberos service keytab'), + 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'), + 'ldap_referrals' : _('Follow LDAP referrals'), +diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini +index 1034a1fd6..fd5336db7 100644 +--- a/src/config/cfg_rules.ini ++++ b/src/config/cfg_rules.ini +@@ -664,6 +664,7 @@ option = ldap_sasl_authid + option = ldap_sasl_canonicalize + option = ldap_sasl_mech + option = ldap_sasl_minssf ++option = ldap_sasl_maxssf + option = ldap_schema + option = ldap_pwmodify_mode + option = ldap_search_base +diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf +index a2af72603..d6443e200 100644 +--- a/src/config/etc/sssd.api.d/sssd-ad.conf ++++ b/src/config/etc/sssd.api.d/sssd-ad.conf +@@ -41,6 +41,7 @@ ldap_tls_reqcert = str, None, false + ldap_sasl_mech = str, None, false + ldap_sasl_authid = str, None, false + ldap_sasl_minssf = int, None, false ++ldap_sasl_maxssf = int, None, false + krb5_kdcip = str, None, false + krb5_server = str, None, false + krb5_backup_server = str, None, false +diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf +index 7ed153d36..839f9f471 100644 +--- a/src/config/etc/sssd.api.d/sssd-ipa.conf ++++ b/src/config/etc/sssd.api.d/sssd-ipa.conf +@@ -32,6 +32,7 @@ ldap_tls_reqcert = str, None, false + ldap_sasl_mech = str, None, false + ldap_sasl_authid = str, None, false + ldap_sasl_minssf = int, None, false ++ldap_sasl_maxssf = int, None, false + krb5_kdcip = str, None, false + krb5_server = str, None, false + krb5_backup_server = str, None, false +diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf +index 4f73e901e..6db9828b9 100644 +--- a/src/config/etc/sssd.api.d/sssd-ldap.conf ++++ b/src/config/etc/sssd.api.d/sssd-ldap.conf +@@ -35,6 +35,7 @@ ldap_page_size = int, None, false + ldap_deref_threshold = int, None, false + ldap_sasl_canonicalize = bool, None, false + ldap_sasl_minssf = int, None, false ++ldap_sasl_maxssf = int, None, false + ldap_connection_expire_timeout = int, None, false + ldap_connection_expire_offset = int, None, false + ldap_disable_paging = bool, None, false +diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml +index f8bb973c7..0dc675410 100644 +--- a/src/man/sssd-ldap.5.xml ++++ b/src/man/sssd-ldap.5.xml +@@ -612,6 +612,22 @@ + + + ++ ++ ldap_sasl_maxssf (integer) ++ ++ ++ When communicating with an LDAP server using SASL, ++ specify the maximal security level necessary to ++ establish the connection. The values of this ++ option are defined by OpenLDAP. ++ ++ ++ Default: Use the system default (usually specified ++ by ldap.conf) ++ ++ ++ ++ + + ldap_deref_threshold (integer) + +diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c +index 30f9b62fd..905a15cd0 100644 +--- a/src/providers/ad/ad_opts.c ++++ b/src/providers/ad/ad_opts.c +@@ -105,6 +105,7 @@ struct dp_option ad_def_ldap_opts[] = { + { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, ++ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, + { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + /* use the same parm name as the krb5 module so we set it only once */ +diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c +index 4fafa073d..55de6e600 100644 +--- a/src/providers/ipa/ipa_opts.c ++++ b/src/providers/ipa/ipa_opts.c +@@ -114,6 +114,7 @@ struct dp_option ipa_def_ldap_opts[] = { + { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = 56 }, NULL_NUMBER }, ++ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, + { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + /* use the same parm name as the krb5 module so we set it only once */ +diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c +index ffd0c6baa..d1b4e98ad 100644 +--- a/src/providers/ldap/ldap_opts.c ++++ b/src/providers/ldap/ldap_opts.c +@@ -74,6 +74,7 @@ struct dp_option default_basic_opts[] = { + { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, ++ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, + { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + /* use the same parm name as the krb5 module so we set it only once */ +diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h +index f27b3c480..808a2c400 100644 +--- a/src/providers/ldap/sdap.h ++++ b/src/providers/ldap/sdap.h +@@ -192,6 +192,7 @@ enum sdap_basic_opt { + SDAP_SASL_AUTHID, + SDAP_SASL_REALM, + SDAP_SASL_MINSSF, ++ SDAP_SASL_MAXSSF, + SDAP_KRB5_KEYTAB, + SDAP_KRB5_KINIT, + SDAP_KRB5_KDC, +diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c +index 7438d14a7..5f69cedcc 100644 +--- a/src/providers/ldap/sdap_async_connection.c ++++ b/src/providers/ldap/sdap_async_connection.c +@@ -148,6 +148,8 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) + const char *sasl_mech; + int sasl_minssf; + ber_len_t ber_sasl_minssf; ++ int sasl_maxssf; ++ ber_len_t ber_sasl_maxssf; + + ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd); + talloc_zfree(subreq); +@@ -291,6 +293,18 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) + goto fail; + } + } ++ ++ sasl_maxssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MAXSSF); ++ if (sasl_maxssf >= 0) { ++ ber_sasl_maxssf = (ber_len_t)sasl_maxssf; ++ lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MAX, ++ &ber_sasl_maxssf); ++ if (lret != LDAP_OPT_SUCCESS) { ++ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set LDAP MAX SSF option " ++ "to %d\n", sasl_maxssf); ++ goto fail; ++ } ++ } + } + + /* if we do not use start_tls the connection is not really connected yet +-- +2.20.1 + diff --git a/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch b/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch new file mode 100644 index 0000000..8a1a42d --- /dev/null +++ b/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch @@ -0,0 +1,91 @@ +From d702d594e380a1d0f0e937524bdd8a3eabc9bdf1 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 27 Sep 2019 13:45:13 +0200 +Subject: [PATCH 13/13] ad: set min and max ssf for ldaps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +AD does not allow to use encryption in the TLS and SASL layer at the +same time. To be able to use ldaps this patch sets min and max ssf to 0 +if ldaps should be used. + +Related to https://pagure.io/SSSD/sssd/issue/4131 + +Reviewed-by: Pavel Březina +--- + src/providers/ad/ad_common.c | 21 +++++++++++++++++++++ + src/providers/ad/ad_common.h | 2 ++ + src/providers/ad/ad_subdomains.c | 4 ++++ + 3 files changed, 27 insertions(+) + +diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c +index a2369166a..51300f5b2 100644 +--- a/src/providers/ad/ad_common.c ++++ b/src/providers/ad/ad_common.c +@@ -1021,6 +1021,23 @@ done: + return; + } + ++void ad_set_ssf_for_ldaps(struct sdap_options *id_opts) ++{ ++ int ret; ++ ++ DEBUG(SSSDBG_TRACE_ALL, "Setting ssf for ldaps usage.\n"); ++ ret = dp_opt_set_int(id_opts->basic, SDAP_SASL_MINSSF, 0); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Failed to set SASL minssf for ldaps usage, ignored.\n"); ++ } ++ ret = dp_opt_set_int(id_opts->basic, SDAP_SASL_MAXSSF, 0); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Failed to set SASL maxssf for ldaps usage, ignored.\n"); ++ } ++} ++ + static errno_t + ad_set_sdap_options(struct ad_options *ad_opts, + struct sdap_options *id_opts) +@@ -1079,6 +1096,10 @@ ad_set_sdap_options(struct ad_options *ad_opts, + goto done; + } + ++ if (dp_opt_get_bool(ad_opts->basic, AD_USE_LDAPS)) { ++ ad_set_ssf_for_ldaps(id_opts); ++ } ++ + /* Warn if the user is doing something silly like overriding the schema + * with the AD provider + */ +diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h +index 820e06124..d23aee616 100644 +--- a/src/providers/ad/ad_common.h ++++ b/src/providers/ad/ad_common.h +@@ -181,6 +181,8 @@ errno_t + ad_get_dyndns_options(struct be_ctx *be_ctx, + struct ad_options *ad_opts); + ++void ad_set_ssf_for_ldaps(struct sdap_options *id_opts); ++ + struct ad_id_ctx * + ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx); + +diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c +index d8c201437..a9c6b9f28 100644 +--- a/src/providers/ad/ad_subdomains.c ++++ b/src/providers/ad/ad_subdomains.c +@@ -328,6 +328,10 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + return ret; + } + ++ if (dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS)) { ++ ad_set_ssf_for_ldaps(ad_options->id); ++ } ++ + ret = ad_inherit_opts_if_needed(id_ctx->sdap_id_ctx->opts->basic, + ad_options->id->basic, + be_ctx->cdb, subdom_conf_path, +-- +2.20.1 + diff --git a/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch b/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch new file mode 100644 index 0000000..d470f4e --- /dev/null +++ b/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch @@ -0,0 +1,36 @@ +From 007d5b79b7aef67dd843ed9a3b65095faaeb580f Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Wed, 22 Jan 2020 09:43:21 +0000 +Subject: [PATCH] BE_REFRESH: Do not try to refresh domains from other backends + +We cannot refresh domains from different sssd_be processes. +We can refresh just subdomains + +Resolves: +https://pagure.io/SSSD/sssd/issue/4142 + +Merges: https://pagure.io/SSSD/sssd/pull-request/4139 + +Reviewed-by: Sumit Bose +--- + src/providers/be_refresh.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c +index 6cce38390..5e43571ce 100644 +--- a/src/providers/be_refresh.c ++++ b/src/providers/be_refresh.c +@@ -385,6 +385,10 @@ static errno_t be_refresh_step(struct tevent_req *req) + if (state->index == BE_REFRESH_TYPE_SENTINEL) { + state->domain = get_next_domain(state->domain, + SSS_GND_DESCEND); ++ /* we can update just subdomains */ ++ if (state->domain != NULL && !IS_SUBDOMAIN(state->domain)) { ++ break; ++ } + state->index = 0; + continue; + } +-- +2.20.1 + diff --git a/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch b/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch new file mode 100644 index 0000000..54eb096 --- /dev/null +++ b/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch @@ -0,0 +1,52 @@ +From 9ba6f33ee78e1c15847f11b8f75f8a8413034875 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= +Date: Tue, 3 Dec 2019 04:13:53 +0100 +Subject: [PATCH] sysdb_sudo: Enable LDAP time format compatibility +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +LDAP specification allows to ommit seconds and minutes +in time border definition. In that case they defaults to zeros. +Current sssd.sudo implementation requires precision up to +seconds in time definition. This commit allows to lower +the precision up to hours. + +Resolves: +https://pagure.io/SSSD/sssd/issue/4118 + +Reviewed-by: Pavel Březina +--- + src/db/sysdb_sudo.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c +index 59d6824c0..18088b017 100644 +--- a/src/db/sysdb_sudo.c ++++ b/src/db/sysdb_sudo.c +@@ -55,6 +55,22 @@ static errno_t sysdb_sudo_convert_time(const char *str, time_t *unix_time) + "%Y%m%d%H%M%S.0%z", + "%Y%m%d%H%M%S,0Z", + "%Y%m%d%H%M%S,0%z", ++ /* LDAP specification says that minutes and seconds ++ might be omitted and in that case these are meant ++ to be treated as zeros [1]. ++ */ ++ "%Y%m%d%H%MZ", /* Discard seconds */ ++ "%Y%m%d%H%M%z", ++ "%Y%m%d%H%M.0Z", ++ "%Y%m%d%H%M.0%z", ++ "%Y%m%d%H%M,0Z", ++ "%Y%m%d%H%M,0%z", ++ "%Y%m%d%HZ", /* Discard minutes and seconds*/ ++ "%Y%m%d%H%z", ++ "%Y%m%d%H.0Z", ++ "%Y%m%d%H.0%z", ++ "%Y%m%d%H,0Z", ++ "%Y%m%d%H,0%z", + NULL}; + + for (format = formats; *format != NULL; format++) { +-- +2.20.1 + diff --git a/SOURCES/0016-zanata-Pulled-new-translations.patch b/SOURCES/0016-zanata-Pulled-new-translations.patch new file mode 100644 index 0000000..34285fa --- /dev/null +++ b/SOURCES/0016-zanata-Pulled-new-translations.patch @@ -0,0 +1,65451 @@ +From 9b5ad094419a8b557477f52d9f59653a30e36aac Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20=C5=BDidek?= +Date: Wed, 12 Feb 2020 23:32:46 +0100 +Subject: [PATCH] zanata: Pulled new translations + +--- + po/bg.po | 377 +++++++------ + po/ca.po | 377 +++++++------ + po/de.po | 377 +++++++------ + po/es.po | 395 ++++++------- + po/eu.po | 376 +++++++------ + po/fr.po | 785 ++++++++++++++------------ + po/hu.po | 376 +++++++------ + po/id.po | 377 +++++++------ + po/it.po | 377 +++++++------ + po/ja.po | 503 +++++++++-------- + po/nb.po | 376 +++++++------ + po/nl.po | 377 +++++++------ + po/pl.po | 411 +++++++------- + po/pt.po | 377 +++++++------ + po/pt_BR.po | 376 +++++++------ + po/ru.po | 377 +++++++------ + po/sssd.pot | 376 +++++++------ + po/sv.po | 395 ++++++------- + po/tg.po | 376 +++++++------ + po/tr.po | 376 +++++++------ + po/uk.po | 414 +++++++------- + po/zh_CN.po | 376 +++++++------ + po/zh_TW.po | 377 +++++++------ + src/man/po/br.po | 576 ++++++++++--------- + src/man/po/ca.po | 720 +++++++++++------------- + src/man/po/cs.po | 604 ++++++++++---------- + src/man/po/de.po | 754 +++++++++++-------------- + src/man/po/es.po | 869 ++++++++++++++--------------- + src/man/po/eu.po | 560 ++++++++++--------- + src/man/po/fi.po | 590 ++++++++++---------- + src/man/po/fr.po | 740 +++++++++++-------------- + src/man/po/ja.po | 687 +++++++++++------------ + src/man/po/lv.po | 580 ++++++++++--------- + src/man/po/nl.po | 606 ++++++++++---------- + src/man/po/pt.po | 613 ++++++++++---------- + src/man/po/pt_BR.po | 560 ++++++++++--------- + src/man/po/ru.po | 577 ++++++++++--------- + src/man/po/sssd-docs.pot | 538 ++++++++++-------- + src/man/po/sv.po | 948 ++++++++++++------------------- + src/man/po/tg.po | 572 ++++++++++--------- + src/man/po/uk.po | 1137 ++++++++++++++++++-------------------- + src/man/po/zh_CN.po | 576 ++++++++++--------- + 42 files changed, 11116 insertions(+), 10995 deletions(-) + +diff --git a/po/bg.po b/po/bg.po +index 831ee28b8..fe9b87e90 100644 +--- a/po/bg.po ++++ b/po/bg.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:44+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/" +@@ -699,7 +699,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "LDAP филтър за определяне права на достъп" + +@@ -770,737 +770,746 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Адрес на Kerberos сървър" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos област" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Директория за съхранение на кеша за данни за удостоверяване" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Местоположение на кеша за данни за удостоверяване на потребители" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Местоположение на keytab за валидиране на данните за удостоверяване" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Разреши проверката на данните за удостоверяване" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "Записва паролата ако е офлайн за по-късно удостоверяване" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, URI на LDAP сървъра" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Базовият DN по подразбиране" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Използваният тип схема на LDAP сървъра, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Подразбиращият се bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Продължителност на опитите за свързване" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Продължителност на опитите за синхронни LDAP операции" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Продължителност на времето между опитите за връзка докато е офлайн" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Файл, съдържащ CA сертификати" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Път до директорията на CA сертификат" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Изисква TLS проверка на сертификат" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Задава за използване механизма sasl" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Задаване на sasl authorization id за употреба" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Задаване на sasl authorization id за употреба" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "keytab на Kerberos услуга" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Ползвай Kerberos auth за LDAP връзка" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Следвай LDAP референциите" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Продължителност на живот на TGT за LDAP връзка" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Продължителност на време за изчакване на заявка за търсене" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Продължителност на време между актуализации на изброяване" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Изисква TLS за ИД справките" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "атрибут Потребителско име" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "атрибут UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "атрибут Първичен GID" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "атрибут GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "атрибут Домашна директория" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "атрибут Команден интерпретатор" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "атрибут User principal (за Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Пълно име" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "атрибут членНа" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "атрибут Момент на промяна" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Политика за определяне срок на валидност на парола" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Списък разрешени потребители, разделени със запетая" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Списък забранени потребители, разделени със запетая" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Подразбиращ се команден интерпретатор, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Място за домашните директории" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/ca.po b/po/ca.po +index c0127b109..a7a8f9b34 100644 +--- a/po/ca.po ++++ b/po/ca.po +@@ -14,7 +14,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2017-10-15 03:02+0000\n" + "Last-Translator: Robert Antoni Buj Gelonch \n" + "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" +@@ -767,7 +767,7 @@ msgid "Active Directory client hostname" + msgstr "Nom d'amfitrió del client d'Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtre LDAP per determinar els privilegis d'accés" + +@@ -855,217 +855,226 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Adreça del servidor Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adreça del servidor Kerberos de reserva" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Reialme Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Temps d'expiració de l'autenticació" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Si es creen els fitxers kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Si es rebutgen les parts de la configuració del krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Directori per emmagatzemar la memòria cau de les credencials" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Ubicació de la memòria cau de les credencials de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Ubicació de la clau per validar les credencials" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Habilita la validació de credencials" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "Emmagatzema la contrasenya si s'està desconnectat per a l'autenticació " + "posterior amb connexió" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Temps de vida renovable del TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Temps de vida del TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Temps entre les dues comprovacions per a la renovació" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Habilita FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Selecciona el principal per utilitzar amb FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Habilita la canonització del principal" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Habilita els principals empresarials" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Servidor on es troba el servei de canvi de contrasenya si no està al KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, L'URI del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, L'URI del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "El DN base per defecte" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "El tipus d'esquema en ús al servidor LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "El DN de creació del vincle per defecte" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + "El tipus del testimoni d'autenticació del DN de creació del vincle per " + "defecte" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "El testimoni d'autenticació del DN de creació del vincle per defecte" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Període de temps per intentar una connexió" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Període de temps per intentar operacions LDAP asíncrones" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + "Període de temps entre els intents per tornar a connectar mentre s'està " + "desconnectat" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Utilitza només majúscules pels noms de reialme" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Fitxer que conté els certificats de l'AC" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Camí al directori del certificat de l'AC" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Fitxer que conté el certificat de client" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Fitxer que conté la clau de client" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Llista de paquets de xifrat possibles" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Requereix verificació de certificat TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Especifica el mecanisme SASL a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Especifica l'id. d'autorització SASL a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Especifica el reialme d'autorització SASL a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Taula de claus del servei del Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Utilitza l'autenticació Kerberos per a la connexió LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Segueix les referències LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Temps de vida del TGT per la connexió LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Com desreferenciar els àlies" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Nom del servei per a la recerca del servei del DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "El nombre de registres a recuperar en una sola consulta LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "El nombre de membres que han de faltar per activar una de-referència completa" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1073,384 +1082,384 @@ msgstr "" + "Si la biblioteca LDAP hauria de realitzar una recerca inversa per canonitzar " + "el nom d'amfitrió durant la creació del vincle SASL" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "L'atribut entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "L'atribut lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Quant de temps s'ha de retenir una connexió al servidor LDAP abans de " + "desconnectar" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Inhabilita el control de paginació LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Inhabilita la recuperació de l'interval de l'Active Directory" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Període de temps per esperar una petició de cerca" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Període de temps per esperar una petició d'enumeració" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Període de temps entre les actualitzacions de les enumeracions" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Període de temps entre les neteges de la memòria cau" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Requereix TLS per a la recerca d'id." + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + "Utilitza l'assignació dels id. de l'objectSID en lloc dels id. pre-establerts" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "DN base per a la recerca de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Abast de la recerca de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtre per a la recerca de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass per als usuaris" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "L'atribut nom d'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "L'atribut UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "L'atribut GID primari" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "L'atribut GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "L'atribut directori inicial" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "L'atribut shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "L'atribut UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "L'atribut objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "L'atribut grup primari de l'Active Directory per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "L'atribut usuari principal (per a Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nom complet" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "L'atribut memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "L'atribut data de modificació" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "L'atribut shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "L'atribut shadowMin" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "L'atribut shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "L'atribut shadowWarning" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "L'atribut shadowInactive" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "L'atribut shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "L'atribut shadowFlag" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "L'atribut que llista els serveis PAM autoritzats" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "L'atribut que llista els amfitrions dels servidors autoritzats" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "L'atribut krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "L'atribut krbPasswordExpiration" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "L'atribut que indica l'activació de les polítiques de contrasenya de servidor" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "L'atribut accountExpires de l'AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "L'atribut userAccountControl de l'AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "L'atribut nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "L'atribut loginDisabled del NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "L'atribut loginExpirationTime del NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "L'atribut loginAllowedTimeMap del NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "L'atribut clau pública SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "atribut que llista els tipus permesos d'autenticació per a un usuari" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "atribut que conté el certificat X509 de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Una llista dels atributs extres per baixar juntament amb l'entrada de " + "l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "DN base per a la recerca del grup" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "L'objectclass per als grups" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Nom del grup" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Contrasenya del grup" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "L'atribut GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "L'atribut membre del grup" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "L'atribut UUID del grup" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "L'atribut data de modificació per als grups" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Tipus del grup i altres senyals" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "DN base per a la recerca del grup de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "L'objectclass per als grups de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nom de grup de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "L'atribut membres del grup de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "L'atribut triple del grup de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "L'atribut data de modificació per als grups de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "DN base per a la recerca del servei" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Objectclass per als serveis" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "L'atribut nom del servei" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "L'atribut port del servei" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "L'atribut protocol del servei" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Límit inferior per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Límit superior per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Nombres d'id. per cada porció en l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Utilitza l'algoritme compatible d'autorid per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Nom del domini per defecte per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID del domini per defecte per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Si s'utilitzen els grups amb testimonis" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Estableix el límit inferior per als id. permesos del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Estableix el límit superior per als id. permesos del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN per a les consultes ppolicy" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Política per avaluar el venciment de la contrasenya" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Quins atributs s'haurien d'utilitzar per avaluar si el compte ha vençut" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Quines regles s'haurien d'utilitzar per avaluar el control d'accés" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "URI d'un servidor LDAP on es permeten els canvis de contrasenya" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + "URI d'un servidor LDAP de reserva on es permeten els canvis de contrasenya" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1458,23 +1467,23 @@ msgstr "" + "Si s'actualitza l'atribut ldap_user_shadow_last_change després d'un canvi de " + "contrasenya" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "DN base per a la recerca de les regles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Període d'actualització automàtica completa" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Període d'actualització automàtica intel·ligent" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "Si es filtren les regles per nom d'amfitrió, adreça IP i xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1482,143 +1491,143 @@ msgstr "" + "Noms d'amfitrió i/o noms de domini plenament qualificat d'aquesta màquina " + "per filtrar les regles de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Si s'inclouen les regles que contenen el grup de xarxa a l'atribut de " + "l'amfitrió" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Si s'inclouen les regles que contenen expressions regulars a l'atribut de " + "l'amfitrió" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objectclass de les regles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Nom de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Attribut command de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "L'atribut host de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "L'atribut user de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "L'atribut option de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "L'atribut runas de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "L'atribut runasuser de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "L'atribut runasgroup de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "L'atribut notbefore de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "L'atribut notafter de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "L'atribut order de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Objectclass per a les assignacions de l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "L'atribut nom de l'assignació de l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + "Objectclass per a les entrades de les assignacions de l'eina de muntatge " + "automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + "L'atribut clau d'entrada de l'assignació de l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + "L'atribut valor de l'entrada de l'assignació l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + "DN base per a la recerca de l'assignació de l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Llista separada per comes dels usuaris autoritzats" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Llista separada per comes dels usuaris no autoritzats" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "El shell predeterminat, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Base per als directoris inicials" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "El nom de la biblioteca NSS a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + "Si se cerca el nom del grup canònic des de la memòria cau, si és possible" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Pila PAM a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/de.po b/po/de.po +index 644ede9bf..fc3fecde5 100644 +--- a/po/de.po ++++ b/po/de.po +@@ -10,7 +10,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/" +@@ -754,7 +754,7 @@ msgid "Active Directory client hostname" + msgstr "Hostname des Active-Directory-Clients" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "LDAP-Filter zum Bestimmen der Zugriffsprivilegien" + +@@ -825,213 +825,222 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos-Serveradresse" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adresse des Ersatz-Kerberos-Servers" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos-Realm" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Zeitüberschreitung bei Authentifizierung" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Gibt an, ob kdcinfo-Dateien angelegt werden" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Verzeichnis zum Speichern der Anmeldedaten" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Ort des Zwischenspeichers für die Anmeldedaten des Benutzers" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Ort der Schlüsseltabelle zum Überprüfen von Anmeldedaten" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Validierung der Anmeldedaten aktivieren" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "Passwort im Offline-Modus für spätere Online-Anmeldung speichern" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Erneuerung der Lebensdauer des TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Lebensdauer des TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Zeitspanne zwischen zwei Prüfungen, ob Erneuerung nötig ist" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Aktiviert FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Wählt den für FAST zu verwendenden Principal aus" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Aktiviert Kanonisierung des Principals" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Enterprise-Principals aktivieren" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Server, auf dem der Dienst zum Ändern des Passworts läuft, falls nicht KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, die URI des LDAP-Servers" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, die URI des LDAP-Servers" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Vorgegebene Basis-DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Der vom LDAP-Server verwendete Schema-Typ gemäß RFC2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Vorgegebene Bind-DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Typ des Authentifizierungs-Tokens der vorgegebenen Bind-DN" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Authentifizierungs-Token für die vorgegebene Bind-DN" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Zeitspanne für einen Verbindungsversuch" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Zeitspanne für Versuche zur Ausführung synchroner LDAP-Vorgänge" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + "Zeitspanne zwischen Versuchen zum erneuten Verbindungsaufbau im Offline-Modus" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Nur Großschreibung für Realm-Namen verwenden" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Datei, die CA-Zertifikate enthält" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Pfad zum CA-Zertifikatverzeichnis" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Datei, die das Client-Zertifikat enthält" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Datei, die den Client-Schlüssel enthält" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Liste der möglichen Verschlüsselungs-Suites" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "TLS-Zertifikatüberprüfung erforderlich machen" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Zu verwendenden sasl-Mechanismus angeben" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Zu verwendende ID für sasl-Authentifizierung angeben" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Zu verwendenden Realm für sasl-Authentifizierung angeben" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Schlüsseltabelle des Kerberos-Dienstes" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Kerberos-Authentifizierung für LDAP-Verbindung verwenden" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "LDAP-Verweisen folgen" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Lebensdauer von TGT für LDAP-Verbindung" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Dereferenzierung von Aliasen" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Dienstname für DNS-Service-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Anzahl der in einer einzelnen LDAP-Abfrage zu holenden Datensätze" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Anzahl der Elemente, die fehlen müssen, um eine vollständige " + "Dereferenzierung auszulösen" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1039,383 +1048,383 @@ msgstr "" + "Gibt an, ob die LDAP-Bibliothek eine Rückwärtssuche ausführen soll, um den " + "Rechnernamen während einer SASL-Bindung zu kanonisieren" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Zeitspanne zum Halten einer Verbindung zum LDAP-Server, bis diese " + "unterbrochen wird" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "LDAP-Paging-Steuerung deaktivieren" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Bereichsermittlung für Active Directory deaktivieren" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Zeitspanne zum Warten auf eine Suchanfrage" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Zeitspanne zum Warten auf eine Auflistungsanfrage" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Zeitspanne zwischen Auflistungsanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Zeitspanne zwischen den Leerungen des Zwischenspeichers" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "TLS für ID-Suchvorgänge erforderlich machen" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "ID-Zuweisung von objectSID anstelle von voreingestellten IDs verwenden" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Basis-DN für Benutzer-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Bereich für Benutzer-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filter für Benutzer-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objektklasse für Benutzer" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Benutzername-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Primäres GID-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Home-Verzeichnis-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Shell-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID -Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Active-Directory-Primärgruppen-Attribut für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Principal-Attribut verwenden (für Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Vollständiger Name" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "memberOf-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Änderungszeit-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "shadowLastChange-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Attribut, welches die autorisierten PAM-Dienste auflistet" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Attribut, welches die autorisierten Server-Hosts auflistet" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "krbLastPwdChange-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "Attribut, welches angibt, dass die serverseitigen Passwortregeln aktiv sind" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "accountExpires-Attribut von AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "userAccountControl-Attribut von AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "nsAccountLock-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "loginDisabled-Attribut von NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "loginExpirationTime-Attribut von NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "loginAllowedTimeMap-Attribut von NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Attribut für öffentlichen SSH-Schlüssel" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Eine Liste der zusätzlich herunterzuladender Attribute zusammen mit dem " + "Benutzereintrag" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Basis-DN für Gruppen-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Objektklasse für Gruppen" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Gruppenname" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Gruppenpasswort" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Gruppen-ID-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Gruppen-Mitgliedschafts-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Änderungszeit-Attribut für Gruppen" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Typ der Gruppe und weitere Flags" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Basis-DN für Netzgruppen-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Objektklasse für Netzgruppen" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Netzgruppenname" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Netzgruppen-Mitglieder-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Netzgruppen-Tripel-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Änderungszeit-Attribut für Netzgruppen" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Basis-DN für Dienste-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Objektklasse für Dienste" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Name-Attribut des Dienstes" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Port-Attribut des Dienstes" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Protokoll-Attribut des Dienstes" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Untere Grenze für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Obere Grenze für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Anzahl der IDs für jeden Teil bei der ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "autorid-kompatiblen Algorithmus für ID-Zuweisung verwenden" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Name der Vorgabe-Domain für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID der Vorgabedomain für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Verwendung von Token-Gruppen" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Untere Grenze für zulässige IDs des LDAP-Servers angeben" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Obere Grenze für zulässige IDs des LDAP-Servers angeben" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Regel zum Ermitteln der Ablaufzeit des Passworts" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Attribute, die bei der Ermittlung verwendet werden, ob ein Konto abgelaufen " + "ist" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Regeln für die Ermittlung der Zugriffskontrolle" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "URI eines LDAP-Servers, wo Passwortänderungen zulässig sind" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "URI eines Ersatz-LDAP-Servers, wo Passwortänderungen zulässig sind" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "DNS-Dienstname für den LDAP-Passwortänderungsserver" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1423,25 +1432,25 @@ msgstr "" + "Gibt an, ob das Attribut ldap_user_shadow_last_change nach einer " + "Passwortänderung aktualisiert werden soll" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Basis-DN für Suchanfragen nach Sudo-Regeln" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Periode für automatische vollständige Aktualisierung" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Periode für bedingte vollständige Aktualisierung" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "Gibt an, ob Regeln nach Hostnamen, IP-Adressen oder Netzwerken gefiltert " + "werden sollen" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1449,140 +1458,140 @@ msgstr "" + "Hostnamen und/oder voll ausgeschriebene Domain-Namen dieses Rechners zum " + "Filtern von Sudo-Regeln" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "IPv4- oder IPv6-Adressen oder Netzwerk dieses Rechners zum Filtern von sudo-" + "Regeln" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die " + "Netzgruppen enthalten" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die reguläre " + "Ausdrücke enthalten" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objektklasse für Sudo-Regeln" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Sudo-Regelname" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Befehlsattribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Host-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Benutzer-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Optionsattribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "runasuser-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "runasgroup-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "notbefore-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "notafter-Attribut der sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Reihenfolge-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Objektklasse für Automounter-Zuweisungen" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Name-Attribut der Automounter-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Objektklasse für Einträge von Automounter-Zuweisungen" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Schlüssel-Attribut des Automounter-Zuweisungseintrags" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Wert-Attribut des Automounter-Zuweisungseintrags" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Basis-DN für Suchanfragen nach Automounter-Zuweisungen" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Durch Kommata getrennte Liste der erlaubten Benutzer" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Durch Kommata getrennte Liste der verbotenen Benutzer" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Vorgabeshell, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Wurzel für Benutzerverzeichnisse" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Name der zu verwendenden NSS-Bibliothek" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + "Gibt an, ob wenn möglich im Zwischenspeicher nach dem kanonischen " + "Gruppennamen gesucht werden soll" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Zu verwendender PAM-Stapel" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/es.po b/po/es.po +index d5dee5ecb..d3b5a5eff 100644 +--- a/po/es.po ++++ b/po/es.po +@@ -18,7 +18,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2019-08-26 09:45+0000\n" + "Last-Translator: Emilio Herrera \n" + "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/" +@@ -794,7 +794,7 @@ msgid "Active Directory client hostname" + msgstr "Nombre de host del cliente de Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtro LDAP para determinar privilegios de acceso" + +@@ -884,215 +884,224 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "Opción para afinar la tarea de renovación de la cuenta de la máquina" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Dirección del servidor Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Dirección del servidor de respaldo Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Reinado Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Expiración de la autenticación" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Si se crean ficheros kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Dónde soltar los fragmentos de configuración de krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Directorio donde almacenar las credenciales cacheadas" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Ubicación del caché de credenciales del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Ubicación de la tabla de claves para validar las credenciales" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Habilitar la validación de credenciales" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "Si se encuentra desconectado, almacena contraseñas para más tarde realizar " + "una autenticación en línea" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "ciclo de vida renovable del TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "ciclo de vida del TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "tiempo entre dos comprobaciones para renovación " + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Habilita FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Selecciona el principal para su uso por FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Habilita canonicalización principal" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Permite los principios de la empresa" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + "Un mapeo desde los nombres de usuario a los nombres de principal de Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "El servidor en donde está ejecutándose el servicio de modificación de " + "contraseña, en caso de no ser KDC. " + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, El URI del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, La URI del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "DN base predeterminado" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "Modo usado para cambiar la contraseña de usuario" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "El DN Bind predeterminado" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "El tipo del token de autenticación del DN bind predeterminado" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "El token de autenticación del DN bind predeterminado" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Tiempo durante el que se intentará la conexión" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Use solo el caso superior para nombres reales" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Archivo que contiene los certificados CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Ruta hacia un directorio certificado CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Fichero que contiene el certificado de cliente" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Fichero que contiene la llave de cliente" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lista de posibles suites de cifrado" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Requiere la verificación de certificado TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Especificar el mecanismo sasl a usar" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Especifique el id de autorización sasl a usar" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Especifica el reinado de autorización sasl a ser utilizado" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Tabla de clave del servicio Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Usar auth Kerberos para la conexión LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Seguir referencias LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Período de vida del TGT para la conexión LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Como eliminar aliases" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Nombre de servicio para busquedas de servicios DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "La cantidad de miembros que deben faltar para desencadenar una deref completa" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1100,389 +1109,389 @@ msgstr "" + "Si la Biblioteca LDAP debería realizar una búsqueda inversa para " + "canonicalizar el nombre del host durante un enlace SASL" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "atributo entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "atributo lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "El período de tiempo máximo para retener una conexión con el servidor LDAP " + "antes de desconectar" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Deshabilita el control de paginación LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Deshabilitar el rango de recuperación Active Directory" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Tiempo máximo a esperar un pedido de búsqueda" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "periodo de espera para solicitud de enumeración" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Tiempo en segundos entre las actualizaciones de enumeración" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "periodo de tiempo entre borrados de la caché" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Requiere TLS para búsquedas de ID" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "Usar el mapeado ID de objectSID en lugar de las IDs preajustadas" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "DN base para búsquedas de usuario" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Ambito de las búsquedas del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtro para las búsquedas del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass para los usuarios" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Atributo Username" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Atributo UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Atributo GID primario" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Atributo GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Atributo Directorio de inicio" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Atributo shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "Atributo UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "Atributo objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Atributo primario del grupo Active Directory para el mapeado de ID" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Atributo principal del usuario (para Kerberos) " + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nombre completo" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Atributo memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Atributo hora de modificación" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "atributo shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "atributo shadowMin " + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "atributo shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "atributo shadowWarning " + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "atributo shadowInactive " + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "atributo shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "atributo shadowFlag " + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "listado de atributos de servicios PAM autorizados" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Atributo de listado de equipos de servidor autorizados" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "Atributo listando los rhosts de los servidores autorizados" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "atributo krbLastPwdChange " + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "atributo krbPasswordExpiration " + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "atributo indicando que las políticas de contraseña del lado del servidor " + "están activas" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "atributo accountExpires de AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "atributo userAccountControl de AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "atributo nsAccountLock " + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "loginDisabled atributo de NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "loginExpirationTime atributo de NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "loginAllowedTimeMap atributo de NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Atributo de clave pública SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + "atributo listando los tipos de autenticación permitidos para un usuario" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "atributo conteniendo el certificado X509 del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "atributo que contiene la dirección de correo electrónico del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Una lista de los atributos extra a descargar junto con la entrada del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "DN base para busqueda de grupos" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "clase objeto para" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Nombre del grupo" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Contraseña del grupo" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Atributo GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Atributo de miembro del grupo" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "Atributo UUID de grupo" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Atributo de modificación de tiempo para los grupos" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Tipo del grupo y otras banderas" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "Atributo de miembro de grupo externo LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "Máximo nivel de anidamiento que seguirá SSSD" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "DN base para búsquedas de grupos de red" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Clases de objetos para grupos de red" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nombre de grupo de red" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Atributo de miembros de grupos de red" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Atributo triple de grupo de red" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Atributo de modificación de tiempo para grupos de red" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Base DN para servicio de búsquedas" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Clase de objeto para servicio" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Atributo de nombre de servicio" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Atributo de puerto de servicio" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Atributo de protocolo de servidor" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Límite más bajo para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Límite más alto para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Número de IDs por cada trozo cuando se mapean ID" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Usar el algoritmo compatible con autorid para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Nombre del dominio por defecto para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID del dominio por defecto para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "Número de trozos secundarios" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Si usar Token-Groups" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Fijar el límite más bajo de IDs permitidas desde el servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + "Fijar el límite más alto para las IDs permitidas desde el servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN para consultas ppolicy" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "Máximas entradas a recuperar durante una solicitud de comodín" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Política para evaluar el vencimiento de la contraseña" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Los atributos que deberán ser utilizados para evaluar si una cuenta ha " + "expirado" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + "URI de un servidor LDAP donde se permite la modificación de contraseñas" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + "URI de un servidor de respaldo LDAP donde están permitidos los cambios de " + "contraseña" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + "Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1490,23 +1499,23 @@ msgstr "" + "Si actualizar el atributo ldap_user_shadow_last_change después de un cambio " + "de contraseña" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Base DN para búsquedas de reglas sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Período de refresco total automático" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Período de refresco inteligente automático" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "Si filtrar la reglas por nombre de host, direcciones IP y red" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1514,133 +1523,133 @@ msgstr "" + "Nombres de host y/o nombres de dominio totalmente cualificado de esta " + "máquina para filtrar las reglas sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "Direcciones o red IPv4 o IPv6 de esta máquina para filtrar reglas sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "Si incluir reglas que contienen netgroup en el atributo de host" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Si incluir reglas que contengan expresiones regulares en el atributo de host" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objeto clase para reglas sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Nombre de regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Atributo de regla de comando sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Atributo de la regla host de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Atributo de la regla usuario de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Atributo de la regla opción de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Atributo runas de regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Atributo de la regla suda runasuser" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Atributo de regla runasgroup de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Atributo de regla notbefore de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Atributo de regla noafter de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Atributo de regla orden de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Objeto clase para mapas automontador" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Atributo de nombre de mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Objeto clase para entradas de mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Atributo de clave de entrada para mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Atributo de valor de entrada para mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Base DN para búsquedas de mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Lista separada por comas de usuarios autorizados" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Lista separada por comas de usuarios prohibidos" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell predeterminado, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Base de los directorios de inicio" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "Número de hijos proxy prefabricados" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Nombre de la biblioteca NSS a usar" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "Si buscar el nombre canónico del grupo desde el cache si es posible" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Pila PAM a usar" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "Ruta de las fuentes del fichero passwd" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "Ruta de las fuentes del fichero group" + +@@ -2571,14 +2580,14 @@ msgid "Search by group ID" + msgstr "Búsqueda por ID de grupo" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "Incapaz de analizar el nombre %s.\n" ++msgstr "" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "El socket SSSD no existe." ++msgstr "" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2597,13 +2606,10 @@ msgid "Error while reading configuration directory.\n" + msgstr "" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"Fichero %1$s no existe. SSSD usará la configuración predeterminada con " +-"ficheros del suministrador.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +@@ -2620,9 +2626,9 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "Mensajes generados durante la configuración de la fusión: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "Configuración usada retazos de ficheros: %u\n" ++msgstr "" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format +@@ -2721,9 +2727,8 @@ msgid "Online status: %s\n" + msgstr "Estado en línea: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "Mostrar información sobre el servidor activo" ++msgstr "" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +diff --git a/po/eu.po b/po/eu.po +index dce3b6ba4..a0d93d3cf 100644 +--- a/po/eu.po ++++ b/po/eu.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" +@@ -695,7 +695,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -766,737 +766,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "FAST gaitzen du" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN atributua" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN atributua" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID atributua" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID atributua" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Izen osoa" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "shadowLastChange atributua" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin atributua" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax atributua" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning atributua" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive atributua" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire atributua" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag atributua" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "krbLastPwdChange atributua" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration atributua" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "ADren accountExpires atributua" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "ADren userAccountControl atributua" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "nsAccountLock atributua" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Talde-izena" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Taldearen pasahitza" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "GID atributua" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell lehenetsia, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/fr.po b/po/fr.po +index db16ecd39..c3756af43 100644 +--- a/po/fr.po ++++ b/po/fr.po +@@ -9,13 +9,14 @@ + # Mariko Vincent , 2012 + # Jérôme Fenal , 2015. #zanata + # Jérôme Fenal , 2016. #zanata ++# Ludek Janda , 2020. #zanata + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" +-"PO-Revision-Date: 2016-02-24 03:43+0000\n" +-"Last-Translator: Jérôme Fenal \n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" ++"PO-Revision-Date: 2020-01-14 01:48+0000\n" ++"Last-Translator: Copied by Zanata \n" + "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" + "fr/)\n" + "Language: fr\n" +@@ -45,7 +46,7 @@ msgstr "Écrire les messages de débogage dans les journaux" + + #: src/config/SSSDConfig/__init__.py.in:48 + msgid "Watchdog timeout before restarting service" +-msgstr "" ++msgstr "Délai de surveillance avant le redémarrage du service" + + #: src/config/SSSDConfig/__init__.py.in:49 + msgid "Command to start service" +@@ -67,11 +68,13 @@ msgstr "durée d'inactivité avant la déconnexion automatique d'un client" + + #: src/config/SSSDConfig/__init__.py.in:53 + msgid "Idle time before automatic shutdown of the responder" +-msgstr "" ++msgstr "Temps d'inactivité avant l'arrêt automatique du répondeur" + + #: src/config/SSSDConfig/__init__.py.in:54 + msgid "Always query all the caches before querying the Data Providers" + msgstr "" ++"Interrogez toujours tous les caches avant d'interroger les fournisseurs de " ++"données" + + #: src/config/SSSDConfig/__init__.py.in:57 + msgid "SSSD Services to start" +@@ -113,7 +116,7 @@ msgstr "L'utilisation vers lequel abandonner les privilèges" + + #: src/config/SSSDConfig/__init__.py.in:65 + msgid "Tune certificate verification" +-msgstr "" ++msgstr "Régler la vérification du certificat" + + #: src/config/SSSDConfig/__init__.py.in:66 + msgid "All spaces in group or user names will be replaced with this character" +@@ -123,15 +126,15 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:67 + msgid "Tune sssd to honor or ignore netlink state changes" +-msgstr "" ++msgstr "Régler sssd pour honorer ou ignorer les changements d'état du netlink" + + #: src/config/SSSDConfig/__init__.py.in:68 + msgid "Enable or disable the implicit files domain" +-msgstr "" ++msgstr "Activer ou désactiver le domaine des fichiers implicites" + + #: src/config/SSSDConfig/__init__.py.in:69 + msgid "A specific order of the domains to be looked up" +-msgstr "" ++msgstr "Un ordre spécifique des domaines à rechercher" + + #: src/config/SSSDConfig/__init__.py.in:72 + msgid "Enumeration cache timeout length (seconds)" +@@ -150,7 +153,7 @@ msgstr "Délai d'attente du cache négatif (en secondes)" + + #: src/config/SSSDConfig/__init__.py.in:75 + msgid "Files negative cache timeout length (seconds)" +-msgstr "" ++msgstr "Délai d'attente du cache négatif (en secondes)" + + #: src/config/SSSDConfig/__init__.py.in:76 + msgid "Users that SSSD should explicitly ignore" +@@ -214,7 +217,7 @@ msgstr "Durée de maintien en cache des enregistrements valides" + + #: src/config/SSSDConfig/__init__.py.in:88 + msgid "List of user attributes the NSS responder is allowed to publish" +-msgstr "" ++msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier" + + #: src/config/SSSDConfig/__init__.py.in:91 + msgid "How long to allow cached logins between online logins (days)" +@@ -242,7 +245,7 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:95 + msgid "Filter PAM responses sent to the pam_sss" +-msgstr "" ++msgstr "Filtrez les réponses PAM envoyées à l'adresse pam_sss" + + #: src/config/SSSDConfig/__init__.py.in:96 + msgid "How many seconds to keep identity information cached for PAM requests" +@@ -272,36 +275,40 @@ msgstr "Message affiché lorsque le compte a expiré" + + #: src/config/SSSDConfig/__init__.py.in:101 + msgid "Message printed when user account is locked." +-msgstr "" ++msgstr "Message affiché lorsque le compte a expiré" + + #: src/config/SSSDConfig/__init__.py.in:102 + msgid "Allow certificate based/Smartcard authentication." +-msgstr "" ++msgstr "Autoriser l'authentification par certificat/carte à puce." + + #: src/config/SSSDConfig/__init__.py.in:103 + msgid "Path to certificate database with PKCS#11 modules." + msgstr "" ++"Chemin d'accès à la base de données des certificats des modules PKCS#11." + + #: src/config/SSSDConfig/__init__.py.in:104 + msgid "How many seconds will pam_sss wait for p11_child to finish" +-msgstr "" ++msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child" + + #: src/config/SSSDConfig/__init__.py.in:105 + msgid "Which PAM services are permitted to contact application domains" + msgstr "" ++"Quels services PAM sont autorisés à contacter les domaines d'application" + + #: src/config/SSSDConfig/__init__.py.in:106 + msgid "Allowed services for using smartcards" +-msgstr "" ++msgstr "Services autorisés pour l'utilisation de cartes à puce" + + #: src/config/SSSDConfig/__init__.py.in:107 + msgid "Additional timeout to wait for a card if requested" +-msgstr "" ++msgstr "Délai d'attente supplémentaire pour l'obtention d'une carte si demandé" + + #: src/config/SSSDConfig/__init__.py.in:108 + msgid "" + "PKCS#11 URI to restrict the selection of devices for Smartcard authentication" + msgstr "" ++"URI PKCS#11 pour limiter la sélection des périphériques pour " ++"l'authentification par carte à puce" + + #: src/config/SSSDConfig/__init__.py.in:111 + msgid "Whether to evaluate the time-based attributes in sudo rules" +@@ -309,13 +316,15 @@ msgstr "Faut-il évaluer les attributs dépendants du temps dans les règles sud + + #: src/config/SSSDConfig/__init__.py.in:112 + msgid "If true, SSSD will switch back to lower-wins ordering logic" +-msgstr "" ++msgstr "Si sur true, SSSD repasse en logique de commande à faible gain" + + #: src/config/SSSDConfig/__init__.py.in:113 + msgid "" + "Maximum number of rules that can be refreshed at once. If this is exceeded, " + "full refresh is performed." + msgstr "" ++"Nombre maximum de règles pouvant être rafraîchies en même temps. En cas de " ++"dépassement, un rafraîchissement complet est effectué." + + #: src/config/SSSDConfig/__init__.py.in:119 + msgid "Whether to hash host names and addresses in the known_hosts file" +@@ -332,17 +341,19 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:121 + msgid "Path to storage of trusted CA certificates" +-msgstr "" ++msgstr "Chemin d'accès au stockage des certificats d'AC de confiance" + + #: src/config/SSSDConfig/__init__.py.in:122 + msgid "Allow to generate ssh-keys from certificates" +-msgstr "" ++msgstr "Permet de générer des ssh-keys à partir de certificats" + + #: src/config/SSSDConfig/__init__.py.in:123 + msgid "" + "Use the following matching rules to filter the certificates for ssh-key " + "generation" + msgstr "" ++"Utilisez les règles de correspondance suivantes pour filtrer les certificats " ++"pour la génération de clés ssh" + + #: src/config/SSSDConfig/__init__.py.in:126 + msgid "List of UIDs or user names allowed to access the PAC responder" +@@ -351,7 +362,7 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:127 + msgid "How long the PAC data is considered valid" +-msgstr "" ++msgstr "Durée de validité des données du PAC" + + #: src/config/SSSDConfig/__init__.py.in:130 + msgid "List of UIDs or user names allowed to access the InfoPipe responder" +@@ -365,83 +376,94 @@ msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier" + + #: src/config/SSSDConfig/__init__.py.in:134 + msgid "The provider where the secrets will be stored in" +-msgstr "" ++msgstr "Le fournisseur où les secrets seront stockés" + + #: src/config/SSSDConfig/__init__.py.in:135 + msgid "The maximum allowed number of nested containers" +-msgstr "" ++msgstr "Le nombre maximal de conteneurs imbriqués autorisés" + + #: src/config/SSSDConfig/__init__.py.in:136 + msgid "The maximum number of secrets that can be stored" +-msgstr "" ++msgstr "Le nombre maximum de secrets qui peuvent être stockés" + + #: src/config/SSSDConfig/__init__.py.in:137 + msgid "The maximum number of secrets that can be stored per UID" +-msgstr "" ++msgstr "Le nombre maximum de secrets qui peuvent être stockés par UID" + + #: src/config/SSSDConfig/__init__.py.in:138 + msgid "The maximum payload size of a secret in kilobytes" +-msgstr "" ++msgstr "La taille maximale de la charge utile d'un secret en kilo-octets" + + #: src/config/SSSDConfig/__init__.py.in:140 + msgid "The URL Custodia server is listening on" +-msgstr "" ++msgstr "L'URL du serveur Custodia est en écoute sur" + + #: src/config/SSSDConfig/__init__.py.in:141 + msgid "The method to use when authenticating to a Custodia server" + msgstr "" ++"La méthode à utiliser lors de l'authentification via un serveur Custodia" + + #: src/config/SSSDConfig/__init__.py.in:142 + msgid "" + "The name of the headers that will be added into a HTTP request with the " + "value defined in auth_header_value" + msgstr "" ++"Le nom des en-têtes qui seront ajoutés dans une requête HTTP avec la valeur " ++"définie dans auth_header_value" + + #: src/config/SSSDConfig/__init__.py.in:143 + msgid "The value sssd-secrets would use for auth_header_name" +-msgstr "" ++msgstr "La valeur que sssd-secrets utiliseraient pour auth_header_name" + + #: src/config/SSSDConfig/__init__.py.in:144 + msgid "" + "The list of the headers to forward to the Custodia server together with the " + "request" + msgstr "" ++"La liste des en-têtes à transmettre au serveur Custodia avec la requête" + + #: src/config/SSSDConfig/__init__.py.in:145 + msgid "" + "The username to use when authenticating to a Custodia server using basic_auth" + msgstr "" ++"La méthode à utiliser lors de l'authentification via un serveur Custodia " ++"utilisant basic_auth" + + #: src/config/SSSDConfig/__init__.py.in:146 + msgid "" + "The password to use when authenticating to a Custodia server using basic_auth" + msgstr "" ++"La méthode à utiliser lors de l'authentification via un serveur Custodia " ++"utilisant basic_auth" + + #: src/config/SSSDConfig/__init__.py.in:147 + msgid "If true peer's certificate is verified if proxy_url uses https protocol" + msgstr "" ++"Le certificat pair true est vérifié si proxy_url utilise le protocole https" + + #: src/config/SSSDConfig/__init__.py.in:148 + msgid "" + "If false peer's certificate may contain different hostname than proxy_url " + "when https protocol is used" + msgstr "" ++"Le certificat pair false peut contenir un nom d'hôte différent de proxy_url " ++"lorsque le protocole https est utilisé" + + #: src/config/SSSDConfig/__init__.py.in:149 + msgid "Path to directory where certificate authority certificates are stored" +-msgstr "" ++msgstr "Chemin d'accès au répertoire où sont stockés les certificats CA" + + #: src/config/SSSDConfig/__init__.py.in:150 + msgid "Path to file containing server's CA certificate" +-msgstr "" ++msgstr "Chemin d'accès au fichier contenant le certificat CA du serveur" + + #: src/config/SSSDConfig/__init__.py.in:151 + msgid "Path to file containing client's certificate" +-msgstr "" ++msgstr "Chemin d'accès au fichier contenant le certificat du client" + + #: src/config/SSSDConfig/__init__.py.in:152 + msgid "Path to file containing client's private key" +-msgstr "" ++msgstr "Chemin d'accès au fichier contenant la clé privée du client" + + #: src/config/SSSDConfig/__init__.py.in:155 + msgid "Identity provider" +@@ -473,15 +495,15 @@ msgstr "Fournisseur d'identité de l'hôte" + + #: src/config/SSSDConfig/__init__.py.in:162 + msgid "SELinux provider" +-msgstr "" ++msgstr "Fournisseur SELinux" + + #: src/config/SSSDConfig/__init__.py.in:163 + msgid "Session management provider" +-msgstr "" ++msgstr "Fournisseur de gestion de session" + + #: src/config/SSSDConfig/__init__.py.in:166 + msgid "Whether the domain is usable by the OS or by applications" +-msgstr "" ++msgstr "Si le domaine est utilisable par l'OS ou par des applications" + + #: src/config/SSSDConfig/__init__.py.in:167 + msgid "Minimum user ID" +@@ -533,10 +555,14 @@ msgid "" + "How long should SSSD talk to single DNS server before trying next server " + "(miliseconds)" + msgstr "" ++"Combien de temps le SSSD doit-il parler à un seul serveur DNS avant " ++"d'essayer le serveur suivant (en millisecondes)" + + #: src/config/SSSDConfig/__init__.py.in:177 + msgid "How long should keep trying to resolve single DNS query (seconds)" + msgstr "" ++"Combien de temps faut-il continuer à essayer de résoudre une seule requête " ++"DNS (en secondes)" + + #: src/config/SSSDConfig/__init__.py.in:178 + msgid "How long to wait for replies from DNS when resolving servers (seconds)" +@@ -598,7 +624,7 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:196 + msgid "Override the DNS server used to perform the DNS update" +-msgstr "" ++msgstr "Remplace le serveur DNS utilisé pour effectuer la mise à jour du DNS" + + #: src/config/SSSDConfig/__init__.py.in:197 + msgid "Control enumeration of trusted domains" +@@ -614,15 +640,18 @@ msgstr "Listes des options qui doivent être héritées dans le sous-domaine" + + #: src/config/SSSDConfig/__init__.py.in:200 + msgid "Default subdomain homedir value" +-msgstr "" ++msgstr "Valeur par défaut du sous-domaine homedir" + + #: src/config/SSSDConfig/__init__.py.in:201 + msgid "How long can cached credentials be used for cached authentication" + msgstr "" ++"Combien de temps les informations d'identification en cache peuvent-elles " ++"être utilisées pour l'authentification en cache" + + #: src/config/SSSDConfig/__init__.py.in:204 + msgid "Whether to automatically create private groups for users" + msgstr "" ++"S'il faut créer automatiquement des groupes privés pour les utilisateurs" + + #: src/config/SSSDConfig/__init__.py.in:207 + msgid "IPA domain" +@@ -716,19 +745,23 @@ msgstr "Classe d'objet surchargeant les groupes" + + #: src/config/SSSDConfig/__init__.py.in:229 + msgid "Search base for Desktop Profile related objects" +-msgstr "" ++msgstr "Base de recherche pour les objets liés au Profil du Bureau" + + #: src/config/SSSDConfig/__init__.py.in:230 + msgid "" + "The amount of time in seconds between lookups of the Desktop Profile rules " + "against the IPA server" + msgstr "" ++"Le temps, en secondes, entre les consultations des règles du profil du " ++"bureau sur le serveur IPA" + + #: src/config/SSSDConfig/__init__.py.in:231 + msgid "" + "The amount of time in minutes between lookups of Desktop Profiles rules " + "against the IPA server when the last request did not find any rule" + msgstr "" ++"Le temps en minutes entre les consultations des règles de profile de bureau " ++"sur le serveur IPA lorsque la dernière requête n'a trouvé aucune règle" + + #: src/config/SSSDConfig/__init__.py.in:234 + msgid "Active Directory domain" +@@ -736,7 +769,7 @@ msgstr "Domaine Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:235 + msgid "Enabled Active Directory domains" +-msgstr "" ++msgstr "Domaine d’Active Directory activés" + + #: src/config/SSSDConfig/__init__.py.in:236 + msgid "Active Directory server address" +@@ -751,7 +784,7 @@ msgid "Active Directory client hostname" + msgstr "Nom de système du client Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtre LDAP pour déterminer les autorisations d'accès" + +@@ -835,220 +868,232 @@ msgstr "un site particulier utilisé par le client" + msgid "" + "Maximum age in days before the machine account password should be renewed" + msgstr "" ++"Âge maximum en jours avant que le mot de passe du compte de la machine ne " ++"soit renouvelé" + + #: src/config/SSSDConfig/__init__.py.in:254 + msgid "Option for tuning the machine account renewal task" ++msgstr "Option de réglage de la tâche de renouvellement du compte machine" ++ ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Adresse du serveur Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adresse du serveur Kerberos de secours" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Domaine Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Délai avant expiration de l'authentification" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Choisir de créer ou non les fichiers kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Où déposer les extraits de configuration krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Répertoire pour stocker les caches de crédits" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Emplacement du cache de crédits de l'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Emplacement du fichier keytab de validation des crédits" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Activer la validation des crédits" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure " + "en ligne" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Durée de vie renouvelable du TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Durée de vie du TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Durée entre deux vérifications pour le renouvellement" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Active FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Sélectionne le principal à utiliser avec FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Active la canonisation du principal" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Active les principals d'entreprise" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" ++"Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Serveur où tourne le service de changement de mot de passe s'il n'est pas " + "sur le KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, l'adresse du serveur LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, l'URI du serveur LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "La base DN par défaut" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" +-msgstr "" ++msgstr "Mode utilisé pour modifier le mot de passe utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Le DN de connexion par défaut" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Le type de jeton d'authentification du DN de connexion par défaut" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Le jeton d'authentification du DN de connexion par défaut" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Durée pendant laquelle il sera tenté d'établir la connexion" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "N'utiliser que des majuscules pour les noms de domaine" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Fichier contenant les certificats des CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Chemin vers le répertoire de certificats des CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Fichier contenant le certificat client" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Fichier contenant la clé du client" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Liste des suites de chiffrement possibles" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Requiert une vérification de certificat TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Spécifier le mécanisme SASL à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Spécifier l'identité d'authorisation SASL à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Spécifier le domaine d'authorisation SASL à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Service du fichier keytab de Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Suivre les référents LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Durée de vie du TGT pour la connexion LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Comment déréférencer les alias" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Nom du service pour les recherches DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Nombre de membres qui doivent être manquants pour activer un déréférencement " + "complet" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1056,389 +1101,389 @@ msgstr "" + "Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le " + "nom d'hôte pendant une connexion SASL ?" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "attribut entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "attribut lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Combien de temps conserver la connexion au serveur LDAP avant de se " + "déconnecter" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Désactiver le contrôle des pages LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Désactiver la récupération de plage Active Directory." + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Durée d'attente pour une requête de recherche" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Durée d'attente pour une requête d'énumération" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Durée entre deux mises à jour d'énumération" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Durée entre les nettoyages de cache" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "TLS est requis pour les recherches d'identifiants" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + "Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-" + "établis" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Base DN pour les recherches d'utilisateurs" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Scope des recherches d'utilisateurs" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtre pour les recherches d'utilisateurs" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Classe d'objet pour les utilisateurs" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Attribut de nom d'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Attribut UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Attribut de GID primaire" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Attribut GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Attribut de répertoire utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Attribut d'interpréteur de commandes" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "attribut UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "attribut objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Groupe primaire Active Directory pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Attribut d'utilisateur principal (pour Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nom complet" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Attribut memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Attribut de date de modification" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "Attribut shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "Attribut shadowMin" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "Attribut shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "Attribut shadowWarning" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "Attribut shadowInactive" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "Attribut shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "Attribut shadowFlag" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Attribut listant les services PAM autorisés" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" +-msgstr "Attribut listant les systèmes serveurs autorisés" ++msgstr "Attribut listant les hôtes de serveurs autorisés" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" +-msgstr "" ++msgstr "Attribut listant les rhosts de serveurs autorisés" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "Attribut krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "Attribut krbPasswordExpiration" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "Attribut indiquant que la stratégie de mot de passe du serveur est active" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "Attribut AD accountExpires" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "Attribut AD userAccountControl" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "Attribut nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "Attribut NDS loginDisabled" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "Attribut NDS loginExpirationTime" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "Attribut NDS loginAllowedTimeMap" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Attribut de clé public SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + "attribut énumérant les types d'authentification autorisés pour un utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "attribut contenant le certificat X509 de l'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" +-msgstr "" ++msgstr "attribut contenant l’adresse email de l'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Une liste des attributs supplémentaires à télécharger avec l'entrée de " + "l'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "DN de base pour les recherches de groupes" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Classe d'objet pour les groupes" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Nom du groupe" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Mot de passe du groupe" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Attribut GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Attribut membre du groupe" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "attribut de l'UUID du groupe" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Attribut de date de modification pour les groupes" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Type de groupe et autres indicateurs" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" +-msgstr "" ++msgstr "L'attribut de membre externe du groupe LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" +-msgstr "" ++msgstr "Le niveau d'imbrication maximal du SSSD suivra" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "DN de base pour les recherches de netgroup" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Classe d'objet pour les groupes réseau" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nom du groupe réseau" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Attribut des membres des groupes réseau" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Attribut triplet du groupe réseau" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Attribut date de modification pour les groupes réseau" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Nom de domaine (DN) de base pour les recherches de service" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Classe objet pour les services" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Attribut de nom de service" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Attribut de port du service" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Attribut de service du protocole" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Limite inférieure pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Limite supérieure pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Nombre d'ID par tranche pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + "Utilisation d'un algorithme compatible autorid pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Nom du domaine par défaut pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID du domaine par défaut pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" +-msgstr "" ++msgstr "Nombre de tranches secondaires" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Choisir d'utiliser ou non les groupes de jetons" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + "Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + "Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN pour les requêtes sur ppolicy" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" +-msgstr "" ++msgstr "Combien d'entrées maximum à récupérer lors d'une demande de wildcard" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Stratégie d'évaluation de l'expiration du mot de passe" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "Quels attributs utiliser pour déterminer si un compte a expiré" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + "URI d'un serveur LDAP de secours où sont autorisées les modifications de mot " + "de passe" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1446,23 +1491,23 @@ msgstr "" + "Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un " + "changement de mot de passe" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Périodicité de rafraichissement total" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Périodicité de rafraichissement intelligent" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1470,139 +1515,140 @@ msgstr "" + "Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour " + "filtrer les règles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles " + "sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Inclure ou non les règles qui contiennent un netgroup dans l'attribut host" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Inclure ou non les règles qui contiennent une expression rationnelle dans " + "l'attribut host" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Classe objet pour les règles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" ++"Nom de l'attribut qui est utilisé comme classe d'objet pour les règles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Règle de nom sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Attribut de commande de règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Attribut hôte de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Attribut utilisateur de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Attribut option de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Attribut de règle sudo runas" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Attribut runasuser de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Attribut runasgroup de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Attribut notbefore de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Attribut notafter de règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Attribut d'ordre de règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Classe objet pour la carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Nom de l'attribut de carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Classe objet pour l'entrée de référence de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Attribut de clé d'entrée pour la carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Attribut de valeur pour la carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Base DN pour les requêtes de carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Liste, séparée par des virgules, d'utilisateurs interdits" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Interpréteur de commande par défaut : /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Base pour les répertoires utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." +-msgstr "" ++msgstr "Le nombre d'enfants proxy pré-fourche." + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Nom de la bibliothèque NSS à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "Rechercher le nom canonique du groupe dans le cache si possible" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Pile PAM à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." +-msgstr "" ++msgstr "Chemin des sources des fichiers passwd." + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." +-msgstr "" ++msgstr "Chemin des sources des fichiers de groupe." + + #: src/monitor/monitor.c:2355 + msgid "Become a daemon (default)" +@@ -1614,7 +1660,7 @@ msgstr "Fonctionner en interactif (non démon)" + + #: src/monitor/monitor.c:2360 + msgid "Disable netlink interface" +-msgstr "" ++msgstr "Désactiver l'interface netlink" + + #: src/monitor/monitor.c:2362 src/tools/sssctl/sssctl_logs.c:311 + msgid "Specify a non-default config file" +@@ -1622,11 +1668,11 @@ msgstr "Définir un fichier de configuration différent de celui par défaut" + + #: src/monitor/monitor.c:2364 + msgid "Refresh the configuration database, then exit" +-msgstr "" ++msgstr "Rafraîchissez la base de données de configuration, puis quittez" + + #: src/monitor/monitor.c:2367 + msgid "Similar to --genconf, but only refreshes the given section" +-msgstr "" ++msgstr "Semblable à --genconf, mais ne rafraîchit que la section donnée" + + #: src/monitor/monitor.c:2370 + msgid "Print version number and exit" +@@ -1634,7 +1680,7 @@ msgstr "Afficher le numéro de version et quitte" + + #: src/monitor/monitor.c:2514 + msgid "SSSD is already running\n" +-msgstr "" ++msgstr "SSSD est déjà en cours d'exécution\n" + + #: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:624 + msgid "Debug level" +@@ -1666,31 +1712,31 @@ msgstr "Le groupe à utiliser pour la création du ccache FAST" + + #: src/providers/krb5/krb5_child.c:3249 + msgid "Kerberos realm to use" +-msgstr "" ++msgstr "Domaine Kerberos à utiliser" + + #: src/providers/krb5/krb5_child.c:3251 + msgid "Requested lifetime of the ticket" +-msgstr "" ++msgstr "Demande de renouvellement à vie du billet" + + #: src/providers/krb5/krb5_child.c:3253 + msgid "Requested renewable lifetime of the ticket" +-msgstr "" ++msgstr "Demande de renouvellement à vie du billet" + + #: src/providers/krb5/krb5_child.c:3255 + msgid "FAST options ('never', 'try', 'demand')" +-msgstr "" ++msgstr "Options FAST ('never', 'try', 'demand')" + + #: src/providers/krb5/krb5_child.c:3258 + msgid "Specifies the server principal to use for FAST" +-msgstr "" ++msgstr "Spécifie le principal de serveur afin d'utiliser FAST." + + #: src/providers/krb5/krb5_child.c:3260 + msgid "Requests canonicalization of the principal name" +-msgstr "" ++msgstr "Demande la canonisation du nom principal" + + #: src/providers/krb5/krb5_child.c:3262 + msgid "Use custom version of krb5_get_init_creds_password" +-msgstr "" ++msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password" + + #: src/providers/data_provider_be.c:711 + msgid "Domain of the information provider (mandatory)" +@@ -1716,11 +1762,11 @@ msgstr "SSSD n'est pas démarré par root." + + #: src/sss_client/common.c:1091 + msgid "SSSD socket does not exist." +-msgstr "" ++msgstr "La socket SSSD n'existe pas." + + #: src/sss_client/common.c:1094 + msgid "Cannot get stat of SSSD socket." +-msgstr "" ++msgstr "Impossible d'obtenir le stat du socket SSSD." + + #: src/sss_client/common.c:1099 + msgid "An error occurred, but no description can be found." +@@ -1802,7 +1848,7 @@ msgstr "Premier facteur :" + + #: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343 + msgid "Second Factor (optional): " +-msgstr "" ++msgstr "Deuxième facteur (facultatif) : " + + #: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346 + msgid "Second Factor: " +@@ -1814,7 +1860,7 @@ msgstr "Mot de passe : " + + #: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345 + msgid "First Factor (Current Password): " +-msgstr "" ++msgstr "Premier facteur (mot de passe actuel) : " + + #: src/sss_client/pam_sss.c:2349 + msgid "Current Password: " +@@ -1864,7 +1910,7 @@ msgstr "Le port à utiliser pour se connecter à l'hôte" + + #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 + msgid "Print the host ssh public keys" +-msgstr "" ++msgstr "Imprimer les clés publiques ssh de l'hôte" + + #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234 + msgid "Invalid port\n" +@@ -1881,7 +1927,7 @@ msgstr "Le chemin vers la commande de proxy doit être absolue\n" + #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324 + #, c-format + msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n" +-msgstr "" ++msgstr "sss_ssh_knownhostsproxy : Impossible de résoudre le nom d'hôte %s\n" + + #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 + msgid "The UID of the user" +@@ -2342,7 +2388,7 @@ msgstr "Impossible d'invalider %1$s %2$s\n" + + #: src/tools/sss_cache.c:721 + msgid "Invalidate all cached entries" +-msgstr "" ++msgstr "Invalidez toutes les entrées en cache" + + #: src/tools/sss_cache.c:723 + msgid "Invalidate particular user" +@@ -2394,11 +2440,11 @@ msgstr "Invalider tous les hôtes SSH" + + #: src/tools/sss_cache.c:752 + msgid "Invalidate particular sudo rule" +-msgstr "" ++msgstr "Invalider une règle sudo particulière" + + #: src/tools/sss_cache.c:754 + msgid "Invalidate all cached sudo rules" +-msgstr "" ++msgstr "Invalider toutes les règles sudo en cache" + + #: src/tools/sss_cache.c:757 + msgid "Only invalidate entries from a particular domain" +@@ -2409,6 +2455,8 @@ msgid "" + "Unexpected argument(s) provided, options that invalidate a single object " + "only accept a single provided argument.\n" + msgstr "" ++"Argument(s) inattendu(s) fourni(s), les options qui invalident un seul objet " ++"n'acceptent qu'un seul argument fourni.\n" + + #: src/tools/sss_cache.c:821 + msgid "Please select at least one object to invalidate\n" +@@ -2445,298 +2493,307 @@ msgstr "%1$s doit être lancé en tant que root\n" + + #: src/tools/sssctl/sssctl.c:35 + msgid "yes" +-msgstr "" ++msgstr "oui" + + #: src/tools/sssctl/sssctl.c:37 + msgid "no" +-msgstr "" ++msgstr "non" + + #: src/tools/sssctl/sssctl.c:39 + msgid "error" +-msgstr "" ++msgstr "erreur" + + #: src/tools/sssctl/sssctl.c:42 + msgid "Invalid result." +-msgstr "" ++msgstr "Résultat non valide." + + #: src/tools/sssctl/sssctl.c:78 + msgid "Unable to read user input\n" +-msgstr "" ++msgstr "Impossible de lire l'entrée de l'utilisateur\n" + + #: src/tools/sssctl/sssctl.c:91 + #, c-format + msgid "Invalid input, please provide either '%s' or '%s'.\n" +-msgstr "" ++msgstr "Entrée non valable, veuillez fournir %s ou %s\n" + + #: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114 + msgid "Error while executing external command\n" +-msgstr "" ++msgstr "Erreur lors de l'exécution d'une commande externe\n" + + #: src/tools/sssctl/sssctl.c:156 + msgid "SSSD needs to be running. Start SSSD now?" +-msgstr "" ++msgstr "Le SSSD doit être exécuté. Démarrer le SSSD maintenant ?" + + #: src/tools/sssctl/sssctl.c:195 + msgid "SSSD must not be running. Stop SSSD now?" + msgstr "" ++"Le SSSD ne doit pas être en cours d'exécution. Arrêter le SSSD maintenant ?" + + #: src/tools/sssctl/sssctl.c:231 + msgid "SSSD needs to be restarted. Restart SSSD now?" +-msgstr "" ++msgstr "Le SSSD doit être relancé. Redémarrer SSSD maintenant ?" + + #: src/tools/sssctl/sssctl_cache.c:31 + #, c-format + msgid " %s is not present in cache.\n" +-msgstr "" ++msgstr " %s n'est pas présent dans le cache.\n" + + #: src/tools/sssctl/sssctl_cache.c:33 + msgid "Name" +-msgstr "" ++msgstr "Nom" + + #: src/tools/sssctl/sssctl_cache.c:34 + msgid "Cache entry creation date" +-msgstr "" ++msgstr "Date de création de l'entrée en cache" + + #: src/tools/sssctl/sssctl_cache.c:35 + msgid "Cache entry last update time" +-msgstr "" ++msgstr "Heure de la dernière mise à jour de l'entrée du cache" + + #: src/tools/sssctl/sssctl_cache.c:36 + msgid "Cache entry expiration time" +-msgstr "" ++msgstr "Temps d'expiration de l'entrée du cache" + + #: src/tools/sssctl/sssctl_cache.c:37 + msgid "Cached in InfoPipe" +-msgstr "" ++msgstr "Mise en cache dans InfoPipe" + + #: src/tools/sssctl/sssctl_cache.c:522 + #, c-format + msgid "Error: Unable to get object [%d]: %s\n" +-msgstr "" ++msgstr "Erreur : Impossible d'obtenir l'objet [%d] : %s\n" + + #: src/tools/sssctl/sssctl_cache.c:538 + #, c-format + msgid "%s: Unable to read value [%d]: %s\n" +-msgstr "" ++msgstr "%s: Impossible de lire la valeur [%d] : %s\n" + + #: src/tools/sssctl/sssctl_cache.c:566 + msgid "Specify name." +-msgstr "" ++msgstr "Indiquez le nom." + + #: src/tools/sssctl/sssctl_cache.c:576 + #, c-format + msgid "Unable to parse name %s.\n" +-msgstr "" ++msgstr "Impossible d'analyser le nom %s.\n" + + #: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649 + msgid "Search by SID" +-msgstr "" ++msgstr "Recherche par SID" + + #: src/tools/sssctl/sssctl_cache.c:603 + msgid "Search by user ID" +-msgstr "" ++msgstr "Recherche par ID utilisateur" + + #: src/tools/sssctl/sssctl_cache.c:612 + msgid "Initgroups expiration time" +-msgstr "" ++msgstr "Délai d'expiration des initgroups" + + #: src/tools/sssctl/sssctl_cache.c:650 + msgid "Search by group ID" +-msgstr "" ++msgstr "Recherche par ID de groupe" + + #: src/tools/sssctl/sssctl_config.c:70 + #, c-format + msgid "Failed to open %s\n" +-msgstr "" ++msgstr "N’a pas pu ouvrir %s\n" + + #: src/tools/sssctl/sssctl_config.c:75 + #, c-format + msgid "File %1$s does not exist.\n" +-msgstr "" ++msgstr "Le fichier %1$s n’existe pas.\n" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" + "File ownership and permissions check failed. Expected root:root and 0600.\n" + msgstr "" ++"La vérification de la propriété et des permissions des fichiers a échoué. " ++"Attendue : root:root et 0600.\n" + + #: src/tools/sssctl/sssctl_config.c:85 + #, c-format + msgid "Failed to load configuration configuration from %s.\n" +-msgstr "" ++msgstr "Echec du chargement de la configuration à partir de %s.\n" + + #: src/tools/sssctl/sssctl_config.c:91 + msgid "Error while reading configuration directory.\n" +-msgstr "" ++msgstr "Erreur lors de la lecture du répertoire de configuration.\n" + + #: src/tools/sssctl/sssctl_config.c:99 + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" ++"Il n'y a pas de configuration. SSSD utilisera la configuration par défaut " ++"avec le fournisseur de fichiers.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +-msgstr "" ++msgstr "Échec de l'exécution des validateurs" + + #: src/tools/sssctl/sssctl_config.c:115 + #, c-format + msgid "Issues identified by validators: %zu\n" +-msgstr "" ++msgstr "Problèmes identifiés par les validateurs : %zu\n" + + #: src/tools/sssctl/sssctl_config.c:126 + #, c-format + msgid "Messages generated during configuration merging: %zu\n" +-msgstr "" ++msgstr "Messages générés lors de la fusion des configurations : %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 + #, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "" ++msgstr "Fichiers de configuration utilisés : %zu\n" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format + msgid "Unable to create backup directory [%d]: %s" +-msgstr "" ++msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s" + + #: src/tools/sssctl/sssctl_data.c:95 + msgid "SSSD backup of local data already exists, override?" +-msgstr "" ++msgstr "La sauvegarde SSSD des données locales existe déjà, la remplacer ?" + + #: src/tools/sssctl/sssctl_data.c:111 + msgid "Unable to export user overrides\n" +-msgstr "" ++msgstr "Impossible d'exporter les substitutions d'utilisateur\n" + + #: src/tools/sssctl/sssctl_data.c:118 + msgid "Unable to export group overrides\n" +-msgstr "" ++msgstr "Impossible d'exporter les substitutions de groupes\n" + + #: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217 + msgid "Override existing backup" +-msgstr "" ++msgstr "Remplacer la sauvegarde existante" + + #: src/tools/sssctl/sssctl_data.c:164 + msgid "Unable to import user overrides\n" +-msgstr "" ++msgstr "Impossible d'importer les substitutions d'utilisateur\n" + + #: src/tools/sssctl/sssctl_data.c:173 + msgid "Unable to import group overrides\n" +-msgstr "" ++msgstr "Impossible d'importer les substitutions de groupes\n" + + #: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82 + #: src/tools/sssctl/sssctl_domains.c:328 + msgid "Start SSSD if it is not running" +-msgstr "" ++msgstr "Démarrer SSSD s'il n'est pas en cours d'exécution" + + #: src/tools/sssctl/sssctl_data.c:195 + msgid "Restart SSSD after data import" +-msgstr "" ++msgstr "Redémarrer SSSD après l'importation des données" + + #: src/tools/sssctl/sssctl_data.c:218 + msgid "Create clean cache files and import local data" +-msgstr "" ++msgstr "Créer des fichiers de cache propres et importer des données locales" + + #: src/tools/sssctl/sssctl_data.c:219 + msgid "Stop SSSD before removing the cache" +-msgstr "" ++msgstr "Arrêtez SSSD avant de supprimer le cache" + + #: src/tools/sssctl/sssctl_data.c:220 + msgid "Start SSSD when the cache is removed" +-msgstr "" ++msgstr "Démarrer SSSD lorsque le cache est supprimé" + + #: src/tools/sssctl/sssctl_data.c:235 + msgid "Creating backup of local data...\n" +-msgstr "" ++msgstr "Création d'une sauvegarde des données locales...\n" + + #: src/tools/sssctl/sssctl_data.c:238 + msgid "Unable to create backup of local data, can not remove the cache.\n" + msgstr "" ++"Impossible de créer une sauvegarde des données locales, impossible de " ++"supprimer le cache.\n" + + #: src/tools/sssctl/sssctl_data.c:243 + msgid "Removing cache files...\n" +-msgstr "" ++msgstr "Suppression des fichiers de cache...\n" + + #: src/tools/sssctl/sssctl_data.c:246 + msgid "Unable to remove cache files\n" +-msgstr "" ++msgstr "Impossible de supprimer les fichiers de cache\n" + + #: src/tools/sssctl/sssctl_data.c:251 + msgid "Restoring local data...\n" +-msgstr "" ++msgstr "Restauration des données locales...\n" + + #: src/tools/sssctl/sssctl_domains.c:83 + msgid "Show domain list including primary or trusted domain type" + msgstr "" ++"Afficher la liste des domaines, y compris le type de domaine principal ou de " ++"confiance" + + #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367 + #: src/tools/sssctl/sssctl_user_checks.c:95 + msgid "Unable to connect to system bus!\n" +-msgstr "" ++msgstr "Impossible de se connecter au bus système !\n" + + #: src/tools/sssctl/sssctl_domains.c:167 + msgid "Online" +-msgstr "" ++msgstr "En ligne" + + #: src/tools/sssctl/sssctl_domains.c:167 + msgid "Offline" +-msgstr "" ++msgstr "Hors ligne" + + #: src/tools/sssctl/sssctl_domains.c:167 + #, c-format + msgid "Online status: %s\n" +-msgstr "" ++msgstr "Statut en ligne : %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 + msgid "This domain has no active servers.\n" +-msgstr "" ++msgstr "Ce domaine n'a pas de serveurs actifs.\n" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +-msgstr "" ++msgstr "Serveurs actifs :\n" + + #: src/tools/sssctl/sssctl_domains.c:230 + msgid "not connected" +-msgstr "" ++msgstr "non connecté" + + #: src/tools/sssctl/sssctl_domains.c:267 + msgid "No servers discovered.\n" +-msgstr "" ++msgstr "Aucun serveur découvert.\n" + + #: src/tools/sssctl/sssctl_domains.c:273 + #, c-format + msgid "Discovered %s servers:\n" +-msgstr "" ++msgstr "%s serveurs découverts :\n" + + #: src/tools/sssctl/sssctl_domains.c:285 + msgid "None so far.\n" +-msgstr "" ++msgstr "Aucun pour l'instant.\n" + + #: src/tools/sssctl/sssctl_domains.c:325 + msgid "Show online status" +-msgstr "" ++msgstr "Afficher le statut en ligne" + + #: src/tools/sssctl/sssctl_domains.c:326 + msgid "Show information about active server" +-msgstr "" ++msgstr "Afficher les informations sur le serveur actif" + + #: src/tools/sssctl/sssctl_domains.c:327 + msgid "Show list of discovered servers" +-msgstr "" ++msgstr "Afficher la liste des serveurs découverts" + + #: src/tools/sssctl/sssctl_domains.c:333 + msgid "Specify domain name." +-msgstr "" ++msgstr "Indiquer le nom de domaine." + + #: src/tools/sssctl/sssctl_domains.c:355 + msgid "Out of memory!\n" +-msgstr "" ++msgstr "Plus de mémoire disponible !\n" + + #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385 + msgid "Unable to get online status\n" +-msgstr "" ++msgstr "Impossible d'obtenir le statut en ligne\n" + + #: src/tools/sssctl/sssctl_domains.c:395 + msgid "Unable to get server list\n" +-msgstr "" ++msgstr "Impossible d'obtenir la liste des serveurs\n" + + #: src/tools/sssctl/sssctl_logs.c:47 + msgid "\n" +@@ -2744,92 +2801,92 @@ msgstr "\n" + + #: src/tools/sssctl/sssctl_logs.c:237 + msgid "Delete log files instead of truncating" +-msgstr "" ++msgstr "Supprimer les fichiers de log au lieu de tronquer" + + #: src/tools/sssctl/sssctl_logs.c:248 + msgid "Deleting log files...\n" +-msgstr "" ++msgstr "Suppression des fichiers journaux...\n" + + #: src/tools/sssctl/sssctl_logs.c:251 + msgid "Unable to remove log files\n" +-msgstr "" ++msgstr "Impossible de supprimer les fichiers journaux\n" + + #: src/tools/sssctl/sssctl_logs.c:257 + msgid "Truncating log files...\n" +-msgstr "" ++msgstr "Troncature des fichiers de journalisation...\n" + + #: src/tools/sssctl/sssctl_logs.c:260 + msgid "Unable to truncate log files\n" +-msgstr "" ++msgstr "Impossible de tronquer les fichiers de journalisation\n" + + #: src/tools/sssctl/sssctl_logs.c:286 + msgid "Out of memory!" +-msgstr "" ++msgstr "Plus de mémoire disponible !" + + #: src/tools/sssctl/sssctl_logs.c:289 + #, c-format + msgid "Archiving log files into %s...\n" +-msgstr "" ++msgstr "Archivage des fichiers journaux dans %s...\n" + + #: src/tools/sssctl/sssctl_logs.c:292 + msgid "Unable to archive log files\n" +-msgstr "" ++msgstr "Impossible d'archiver les fichiers journaux\n" + + #: src/tools/sssctl/sssctl_logs.c:317 + msgid "Specify debug level you want to set" +-msgstr "" ++msgstr "Spécifiez le niveau de débogage que vous souhaitez définir" + + #: src/tools/sssctl/sssctl_user_checks.c:117 + msgid "SSSD InfoPipe user lookup result:\n" +-msgstr "" ++msgstr "Résultat de la recherche de l'utilisateur SSSD InfoPipe :\n" + + #: src/tools/sssctl/sssctl_user_checks.c:167 + #, c-format + msgid "dlopen failed with [%s].\n" +-msgstr "" ++msgstr "dlopen a échoué avec [%s].\n" + + #: src/tools/sssctl/sssctl_user_checks.c:174 + #, c-format + msgid "dlsym failed with [%s].\n" +-msgstr "" ++msgstr "dlopen a échoué avec [%s].\n" + + #: src/tools/sssctl/sssctl_user_checks.c:182 + msgid "malloc failed.\n" +-msgstr "" ++msgstr "malloc a échoué.\n" + + #: src/tools/sssctl/sssctl_user_checks.c:189 + #, c-format + msgid "sss_getpwnam_r failed with [%d].\n" +-msgstr "" ++msgstr "sss_getpwnam_r a échoué avec [%d].\n" + + #: src/tools/sssctl/sssctl_user_checks.c:194 + msgid "SSSD nss user lookup result:\n" +-msgstr "" ++msgstr "Résultat de la recherche de l'utilisateur SSSD nss :\n" + + #: src/tools/sssctl/sssctl_user_checks.c:195 + #, c-format + msgid " - user name: %s\n" +-msgstr "" ++msgstr " - user name: %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:196 + #, c-format + msgid " - user id: %d\n" +-msgstr "" ++msgstr " - user id: %d\n" + + #: src/tools/sssctl/sssctl_user_checks.c:197 + #, c-format + msgid " - group id: %d\n" +-msgstr "" ++msgstr " - group id: %d\n" + + #: src/tools/sssctl/sssctl_user_checks.c:198 + #, c-format + msgid " - gecos: %s\n" +-msgstr "" ++msgstr " - gecos: %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:199 + #, c-format + msgid " - home directory: %s\n" +-msgstr "" ++msgstr " - home directory: %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:200 + #, c-format +@@ -2837,18 +2894,20 @@ msgid "" + " - shell: %s\n" + "\n" + msgstr "" ++" - shell: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:232 + msgid "PAM action [auth|acct|setc|chau|open|clos], default: " +-msgstr "" ++msgstr "Action PAM [auth|acct|setc|chau|open|clos], par défaut : " + + #: src/tools/sssctl/sssctl_user_checks.c:235 + msgid "PAM service, default: " +-msgstr "" ++msgstr "Service PAM, par défaut : " + + #: src/tools/sssctl/sssctl_user_checks.c:240 + msgid "Specify user name." +-msgstr "" ++msgstr "Spécifiez le nom d'utilisateur." + + #: src/tools/sssctl/sssctl_user_checks.c:247 + #, c-format +@@ -2858,45 +2917,53 @@ msgid "" + "service: %s\n" + "\n" + msgstr "" ++"utilisateur: %s\n" ++"action: %s\n" ++"service: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:252 + #, c-format + msgid "User name lookup with [%s] failed.\n" +-msgstr "" ++msgstr "La recherche de nom d'utilisateur avec [%s] a échoué.\n" + + #: src/tools/sssctl/sssctl_user_checks.c:257 + #, c-format + msgid "InfoPipe User lookup with [%s] failed.\n" +-msgstr "" ++msgstr "La recherche de l'utilisateur InfoPipe avec [%s] a échoué.\n" + + #: src/tools/sssctl/sssctl_user_checks.c:263 + #, c-format + msgid "pam_start failed: %s\n" +-msgstr "" ++msgstr "pam_start a échoué : %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:268 + msgid "" + "testing pam_authenticate\n" + "\n" + msgstr "" ++"test de pam_authenticate\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:272 + #, c-format + msgid "pam_get_item failed: %s\n" +-msgstr "" ++msgstr "pam_get_item a échoué : %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:275 + #, c-format + msgid "" + "pam_authenticate for user [%s]: %s\n" + "\n" +-msgstr "" ++msgstr "pam_authenticate pour l'utilisateur [%s] : %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:278 + msgid "" + "testing pam_chauthtok\n" + "\n" + msgstr "" ++"test pam_chauthtok\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:280 + #, c-format +@@ -2904,12 +2971,16 @@ msgid "" + "pam_chauthtok: %s\n" + "\n" + msgstr "" ++"pam_chauthtok: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:282 + msgid "" + "testing pam_acct_mgmt\n" + "\n" + msgstr "" ++"test de pam_acct_mgmt\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:284 + #, c-format +@@ -2917,12 +2988,16 @@ msgid "" + "pam_acct_mgmt: %s\n" + "\n" + msgstr "" ++"pam_acct_mgmt: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:286 + msgid "" + "testing pam_setcred\n" + "\n" + msgstr "" ++"test de pam_setcred\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:288 + #, c-format +@@ -2930,12 +3005,16 @@ msgid "" + "pam_setcred: [%s]\n" + "\n" + msgstr "" ++"pam_setcred: [%s]\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:290 + msgid "" + "testing pam_open_session\n" + "\n" + msgstr "" ++"test pam_open_session\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:292 + #, c-format +@@ -2943,12 +3022,16 @@ msgid "" + "pam_open_session: %s\n" + "\n" + msgstr "" ++"pam_open_session: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:294 + msgid "" + "testing pam_close_session\n" + "\n" + msgstr "" ++"test pam_close_session\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:296 + #, c-format +@@ -2956,18 +3039,20 @@ msgid "" + "pam_close_session: %s\n" + "\n" + msgstr "" ++"pam_close_session: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:298 + msgid "unknown action\n" +-msgstr "" ++msgstr "action inconnue\n" + + #: src/tools/sssctl/sssctl_user_checks.c:301 + msgid "PAM Environment:\n" +-msgstr "" ++msgstr "Environnement PAM :\n" + + #: src/tools/sssctl/sssctl_user_checks.c:309 + msgid " - no env -\n" +-msgstr "" ++msgstr " - no env -\n" + + #: src/util/util.h:82 + msgid "The user ID to run the server as" +@@ -2979,8 +3064,8 @@ msgstr "L'identifiant de groupe sous lequel faire tourner le serveur" + + #: src/util/util.h:92 + msgid "Informs that the responder has been socket-activated" +-msgstr "" ++msgstr "Informe que le répondeur a été activé par un socket" + + #: src/util/util.h:94 + msgid "Informs that the responder has been dbus-activated" +-msgstr "" ++msgstr "Informe que le répondeur a été activé par un dbus" +diff --git a/po/hu.po b/po/hu.po +index d49e39451..820671425 100644 +--- a/po/hu.po ++++ b/po/hu.po +@@ -10,7 +10,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/" +@@ -697,7 +697,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -768,737 +768,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos-kiszolgáló címe" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos-tartomány" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Időtúllépés azonosításkor" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, az LDAP szerver URI-ja" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Alapértelmezett LDAP alap-DN-je" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Az LDAP szerveren használt séma-típus, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Az alapértelmezett bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "A kapcsolódási próbálkozás időtartama" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "A CA tanusítványokat tartalmazó fájl" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "TLS tanusítvány ellenőrzése" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "TLS megkövetelése ID keresésekor" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS attribútum" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Shell attribútum" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Teljes név" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "memberOf attribútum" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Csoport neve" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Csoport jelszava" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Alapértelmezett shell, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/id.po b/po/id.po +index 3ffde26aa..cce27c3b3 100644 +--- a/po/id.po ++++ b/po/id.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:46+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/" +@@ -694,7 +694,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -765,737 +765,746 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Alamat server Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Realm Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, URI server LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Lamanya waktu untuk mencoba koneksi" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Membutuhkan verifikasi sertifikat TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Tentukan mekanisme sasl yang digunakan" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Tentukan id otorisasi sasl yang digunakan" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Tentukan id otorisasi sasl yang digunakan" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Keytab layanan Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Lingkup pencarian pengguna" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filter pencarian pengguna" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass untuk pengguna" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Atribut Nama pengguna" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Atribut UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Atribut GID Primer" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Atribut GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Atribut direktori Home" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Atribut Shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Atribut utama pengguna (untuk Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nama Lengkap" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Atribut memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Atribut waktu modifikasi" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell default, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/it.po b/po/it.po +index d01ff1b41..6de4012ac 100644 +--- a/po/it.po ++++ b/po/it.po +@@ -9,7 +9,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2019-03-06 08:57+0000\n" + "Last-Translator: Milo Casagrande \n" + "Language-Team: Italian (http://www.transifex.com/projects/p/sssd/language/" +@@ -709,7 +709,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtro LDAP per determinare i privilegi di accesso" + +@@ -780,738 +780,747 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Indirizzo del server Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Realm Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Timeout di autenticazione" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Directory in cui salvare le credenziali" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Percorso della cache delle credenziali utente" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Percorso del keytab per la validazione delle credenziali" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Abilita la validazione delle credenziali" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Intervallo di tempo tra due controlli di rinnovo" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Abilita FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Server dove viene eseguito il servizio di cambio password, se non nel KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, l'indirizzo del server LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Il base DN predefinito" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Il bind DN predefinito" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Il tipo di token di autenticazione del bind DN predefinito" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Il token di autenticazione del bind DN predefinito" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Durata del tentativo di connessione" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Durata tra tentativi di riconnessione quando offline" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Usare solo maiuscole per i nomi dei realm" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "File contenente i certificati CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Percorso della directory dei cerficati della CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "File contenente il certificato client" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "File contenente la chiave client" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lista delle possibili cipher suite" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Richiedere la verifica del certificato TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Specificare il meccanismo sasl da usare" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Specificare l'id di autorizzazione sasl da usare" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Specificare l'id di autorizzazione sasl da usare" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Keytab del servizio Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Usare autorizzazione Kerberos per la connessione LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Seguire i referral LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Metodo di deferenziazione degli alias" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Durata attesa per le richieste di ricerca" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Durata tra gli aggiornamenti alle enumeration" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Intervallo di tempo per la pulizia cache" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Richiedere TLS per gli ID lookup" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Base DN per i lookup utente" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Ambito di applicazione dei lookup utente" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtro per i lookup utente" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass per gli utenti" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Attributo del nome utente" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Attributo UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Attributo del GID primario" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Attributo GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Attributo della home directory" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Attributo della shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Attributo user principal (per Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nome completo" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Attributo memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Attributo data di modifica" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Politica per controllare la scadenza della password" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Lista separata da virgola degli utenti abilitati" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Lista separata da virgola degli utenti non abilitati" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell predefinita, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Base delle home directory" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Il nome della libreria NSS da usare" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Stack PAM da usare" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/ja.po b/po/ja.po +index 9056f7385..856cce635 100644 +--- a/po/ja.po ++++ b/po/ja.po +@@ -6,13 +6,14 @@ + # Tomoyuki KATO , 2012-2013 + # Noriko Mizumoto , 2016. #zanata + # Keiko Moriguchi , 2019. #zanata ++# Ludek Janda , 2020. #zanata + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" +-"PO-Revision-Date: 2019-10-07 11:46+0000\n" +-"Last-Translator: Keiko Moriguchi \n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" ++"PO-Revision-Date: 2020-01-14 01:48+0000\n" ++"Last-Translator: Copied by Zanata \n" + "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/" + "ja/)\n" + "Language: ja\n" +@@ -96,7 +97,7 @@ msgid "" + "files." + msgstr "" + "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ" +-"クトリです。" ++"クトリーです。" + + #: src/config/SSSDConfig/__init__.py.in:63 + msgid "Domain to add to names without a domain component." +@@ -168,12 +169,12 @@ msgstr "識別プロバイダーからのホームディレクトリーの値を + msgid "" + "Substitute empty homedir value from the identity provider with this value" + msgstr "" +-"アイデンティティプロバイダーからの空のホームディレクトリーをこの値で置き換え" +-"ます" ++"アイデンティティープロバイダーからの空のホームディレクトリーをこの値で置き換" ++"えます" + + #: src/config/SSSDConfig/__init__.py.in:82 + msgid "Override shell value from the identity provider with this value" +-msgstr "アイデンティティプロバイダーからのシェル値をこの値で上書きします" ++msgstr "アイデンティティープロバイダーからのシェル値をこの値で上書きします" + + #: src/config/SSSDConfig/__init__.py.in:83 + msgid "The list of shells users are allowed to log in with" +@@ -210,7 +211,7 @@ msgstr "オンラインログイン中にキャッシュによるログインが + + #: src/config/SSSDConfig/__init__.py.in:92 + msgid "How many failed logins attempts are allowed when offline" +-msgstr "オフラインのときに許容されるログイン試行失敗回数" ++msgstr "オフラインの時に許容されるログイン試行失敗回数" + + #: src/config/SSSDConfig/__init__.py.in:93 + msgid "" +@@ -311,13 +312,14 @@ msgstr "信頼された CA 証明書のストレージへのパス" + + #: src/config/SSSDConfig/__init__.py.in:122 + msgid "Allow to generate ssh-keys from certificates" +-msgstr "" ++msgstr "証明書からの ssh-key の生成を許可します" + + #: src/config/SSSDConfig/__init__.py.in:123 + msgid "" + "Use the following matching rules to filter the certificates for ssh-key " + "generation" + msgstr "" ++"以下の一致するルールを使用して、ssh-key 生成用の証明書をフィルタリングします" + + #: src/config/SSSDConfig/__init__.py.in:126 + msgid "List of UIDs or user names allowed to access the PAC responder" +@@ -419,11 +421,11 @@ msgstr "クライアントの証明書を含むファイルへのパス" + + #: src/config/SSSDConfig/__init__.py.in:152 + msgid "Path to file containing client's private key" +-msgstr "クライアントのプライベートキーを含むファイルへのパス" ++msgstr "クライアントの秘密鍵を含むファイルへのパス" + + #: src/config/SSSDConfig/__init__.py.in:155 + msgid "Identity provider" +-msgstr "アイデンティティプロバイダー" ++msgstr "アイデンティティープロバイダー" + + #: src/config/SSSDConfig/__init__.py.in:156 + msgid "Authentication provider" +@@ -475,7 +477,7 @@ msgstr "すべてのユーザー・グループの列挙を有効にする" + + #: src/config/SSSDConfig/__init__.py.in:170 + msgid "Cache credentials for offline login" +-msgstr "オフラインログインのためにクレディンシャルをキャッシュする" ++msgstr "オフラインログインのためにクレデンシャルをキャッシュする" + + #: src/config/SSSDConfig/__init__.py.in:171 + msgid "Display users/groups in fully-qualified form" +@@ -498,7 +500,7 @@ msgstr "エントリーキャッシュのタイムアウト長(秒)" + #: src/config/SSSDConfig/__init__.py.in:174 + msgid "" + "Restrict or prefer a specific address family when performing DNS lookups" +-msgstr "DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します" ++msgstr "DNS 検索を実行する時に特定のアドレスファミリーを制限または優先します" + + #: src/config/SSSDConfig/__init__.py.in:175 + msgid "How long to keep cached entries after last successful login (days)" +@@ -518,7 +520,7 @@ msgstr "単一の DNS クエリーの解決を試行する時間 (秒)" + + #: src/config/SSSDConfig/__init__.py.in:178 + msgid "How long to wait for replies from DNS when resolving servers (seconds)" +-msgstr "サーバーを名前解決するときに DNS から応答を待つ時間(秒)" ++msgstr "サーバーを名前解決する時に DNS から応答を待つ時間(秒)" + + #: src/config/SSSDConfig/__init__.py.in:179 + msgid "The domain part of service discovery DNS query" +@@ -561,7 +563,7 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:194 + msgid "Whether the nsupdate utility should default to using TCP" +-msgstr "nsupdate ユーティリティが標準で TCP を使用するかどうか" ++msgstr "nsupdate ユーティリティーが標準で TCP を使用するかどうか" + + #: src/config/SSSDConfig/__init__.py.in:195 + msgid "What kind of authentication should be used to perform the DNS update" +@@ -632,7 +634,7 @@ msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単 + + #: src/config/SSSDConfig/__init__.py.in:217 + msgid "If set to false, host argument given by PAM will be ignored" +-msgstr "もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます" ++msgstr "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます" + + #: src/config/SSSDConfig/__init__.py.in:218 + msgid "The automounter location this IPA client is using" +@@ -649,7 +651,7 @@ msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索 + #: src/config/SSSDConfig/__init__.py.in:221 + #: src/config/SSSDConfig/__init__.py.in:239 + msgid "Enable DNS sites - location based service discovery" +-msgstr "DNS サイトの有効化 - 位置にサービス探索" ++msgstr "DNS サイトの有効化 - 位置ベースのサービス検索" + + #: src/config/SSSDConfig/__init__.py.in:222 + msgid "Search base for view containers" +@@ -720,7 +722,7 @@ msgid "Active Directory client hostname" + msgstr "Active Directory クライアントホスト名" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "アクセス権限を決めるための LDAP フィルター" + +@@ -798,209 +800,218 @@ msgstr "マシンアカウントのパスワードの更新が必要となるま + msgid "Option for tuning the machine account renewal task" + msgstr "マシンアカウントの更新タスクをチューニングするオプション" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos サーバーのアドレス" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Kerberos バックアップサーバーのアドレス" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos レルム" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "認証のタイムアウト" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "kdcinfo ファイルを作成するかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "krb5 設定スニペットを削除する場所" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" +-msgstr "クレディンシャルのキャッシュを保存するディレクトリー" ++msgstr "クレデンシャルのキャッシュを保存するディレクトリー" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" +-msgstr "ユーザーのクレディンシャルキャッシュの位置" ++msgstr "ユーザーのクレデンシャルキャッシュの位置" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" +-msgstr "クレディンシャルを検証するキーテーブルの場所" ++msgstr "クレデンシャルを検証するキーテーブルの場所" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" +-msgstr "クレディンシャルの検証を有効にする" ++msgstr "クレデンシャルの検証を有効にする" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "更新可能な TGT の有効期間" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "TGT の有効期間" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "更新を確認する間隔" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "FAST を有効にする" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "FAST に使用するプリンシパルを選択する" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "プリンシパル正規化を有効にする" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "エンタープライズ・プリンシパルの有効化" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, LDAP サーバーの URI" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, LDAP サーバーの URI" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "デフォルトのベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "ユーザーのパスワードの変更にモードを使用しました" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "デフォルトのバインド DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "デフォルトのバインド DN の認証トークンの種類" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "デフォルトのバインド DN の認証トークン" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "接続を試行する時間" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "LDAP 同期操作を試行する時間" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "オフラインの間に再接続を試行する時間" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "レルム名に対して大文字のみを使用する" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "CA 証明書を含むファイル" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "CA 証明書のディレクトリーのパス" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "クライアント証明書を含むファイル" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "クライアントの鍵を含むファイル" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "利用可能な暗号の一覧" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "TLS 証明書の検証を要求する" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "使用する SASL メカニズムを指定する" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "使用する SASL 認可 ID を指定する" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "使用する SASL 認可レルムを指定する" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "LDAP SASL 認可の最小 SSF を指定する" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "LDAP SASL 認可の最小 SSF を指定する" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Kerberos サービスのキーテーブル" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "LDAP 接続に対して Kerberos 認証を使用する" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "LDAP リフェラルにしたがう" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "LDAP 接続の TGT の有効期間" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "エイリアスを参照解決する方法" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "DNS サービス検索のサービス名" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" +-msgstr "単一の LDAP 問い合わせにおいて取得するレコード数" ++msgstr "単一の LDAP クエリーにおいて取得するレコード数" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1008,400 +1019,400 @@ msgstr "" + "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す" + "るかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN 属性" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN 属性" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "LDAP サーバーを切断する前に接続を保持する時間" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "LDAP ページング制御を無効化する" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Active Directory 範囲の取得の無効化" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "検索要求を待つ時間" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "列挙の要求を待つ時間" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "列挙の更新間隔" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "キャッシュをクリーンアップする間隔" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "ID 検索に TLS を要求する" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "ユーザー検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "ユーザー検索の範囲" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "ユーザー検索のフィルター" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "ユーザーのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "ユーザー名の属性" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID の属性" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "プライマリー GID の属性" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS の属性" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" +-msgstr "ホームディレクトリの属性" ++msgstr "ホームディレクトリーの属性" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "シェルの属性" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "UUID 属性" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID 属性" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "ID マッピングの Active Directory プライマリーグループ属性" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "ユーザープリンシパルの属性(Kerberos 用)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "氏名" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "memberOf 属性" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "変更日時の属性" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "shadowLastChange 属性" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin 属性" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax 属性" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning 属性" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive 属性" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire 属性" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag 属性" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "認可された PAM サービスを一覧化する属性" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "認可されたサーバーホストを一覧化する属性" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "認可されたサーバー rhosts を一覧化する属性" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "krbLastPwdChange 属性" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration 属性" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "サーバー側パスワードポリシーが有効であることを意味する属性" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "AD の accountExpires 属性" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "AD の userAccountControl 属性" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "nsAccountLock 属性" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "NDS の loginDisabled 属性" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "NDS の loginExpirationTime 属性" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "NDS の loginAllowedTimeMap 属性" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "SSH 公開鍵の属性" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "ユーザー用に許可された認証タイプを一覧化する属性" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "ユーザーの X509 証明書を含む属性" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "ユーザーの電子メールアドレスを含む属性" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "グループ検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "グループのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "グループ名" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "グループのパスワード" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "GID 属性" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "グループメンバー属性" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "グループ UUID 属性" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "グループの変更日時の属性" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "グループおよび他のフラグのタイプ" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "LDAP グループの外部メンバーの属性" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "SSSD が従う最大ネストレベル" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "ネットグループ検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "ネットグループのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "ネットグループ名" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "ネットグループメンバーの属性" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "ネットグループの三つ組の属性" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "ネットグループの変更日時の属性" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "サービス検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "サービスのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "サービス名の属性" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "サービスポートの属性" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "サービスプロトコルの属性" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "ID マッピングの下限" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "ID マッピングの上限" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "ID マッピングするとき、各スライスに対する ID の数" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "ID マッピングに対するデフォルトドメインの名前" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "ID マッピングに対するデフォルトドメインの SID" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "セカンダリースライスの数" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Token-Group を使うかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "LDAP サーバーから許可される ID の下限の設定" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "LDAP サーバーから許可される ID の上限の設定" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "ppolicy クエリーの DN" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "ワイルドカードの要求の間に取得する最大エントリーの数" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "パスワード失効の評価のポリシー" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "どのルールがアクセス制御を評価するために使用されるか" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "パスワードの変更が許可される LDAP サーバーの URI" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "LDAP パスワードの変更サーバーの DNS サービス名" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "sudo ルール検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "自動的な完全更新間隔" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "自動的なスマート更新間隔" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどう" + "か" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1409,134 +1420,134 @@ msgstr "" + "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン" + "名" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネット" + "ワーク" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "ホスト属性に正規表現を含むルールを含めるかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "sudo ルールのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" +-msgstr "" ++msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "sudo ルール名" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "sudo ルールのコマンドの属性" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "sudo ルールのホストの属性" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "sudo ルールのユーザーの属性" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "sudo ルールのオプションの属性" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "sudo ルールの runas の属性" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "sudo ルールの runasuser の属性" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "sudo ルールの runasgroup の属性" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "sudo ルールの notbefore の属性" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "sudo ルールの notafter の属性" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "sudo ルールの order の属性" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "automounter マップのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "オートマウントのマップ名の属性" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "automounter マップエントリーのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" +-msgstr "automounter マップエントリーのキー属性" ++msgstr "automounter マップエントリーの鍵属性" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "automounter マップエントリーの値属性" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "automonter のマップ検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "許可ユーザーのカンマ区切り一覧" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "禁止ユーザーのカンマ区切り一覧" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "デフォルトのシェル, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "ホームディレクトリーのベース" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." +-msgstr "事前にフォークされた子プロキシの数" ++msgstr "事前にフォークされた子プロキシーの数。" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "使用する NSS ライブラリーの名前" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "使用する PAM スタック" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "passwd ファイルソースへのパス" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "グループファイルソースへのパス" + +@@ -1642,7 +1653,7 @@ msgstr "公開ソケットの所有者またはパーミッションが誤って + + #: src/sss_client/common.c:1085 + msgid "Unexpected format of the server credential message." +-msgstr "サーバーのクレディンシャルメッセージの予期しない形式です。" ++msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。" + + #: src/sss_client/common.c:1088 + msgid "SSSD is not run by root." +@@ -1683,7 +1694,7 @@ msgstr "root によるパスワードのリセットはサポートされませ + + #: src/sss_client/pam_sss.c:526 + msgid "Authenticated with cached credentials" +-msgstr "キャッシュされているクレディンシャルを用いて認証されました" ++msgstr "キャッシュされているクレデンシャルを用いて認証されました" + + #: src/sss_client/pam_sss.c:527 + msgid ", your cached password will expire at: " +@@ -1717,7 +1728,7 @@ msgstr "" + + #: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789 + msgid "Password change failed. " +-msgstr "パスワードの変更に失敗しました。 " ++msgstr "パスワードの変更に失敗しました。" + + #: src/sss_client/pam_sss.c:2008 + msgid "New Password: " +@@ -1737,7 +1748,7 @@ msgstr "2 番目の要素 (オプション): " + + #: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346 + msgid "Second Factor: " +-msgstr "2 番目の要素: " ++msgstr "2 番目の要素: " + + #: src/sss_client/pam_sss.c:2190 + msgid "Password: " +@@ -2055,17 +2066,17 @@ msgstr "マジックプライベート " + #: src/tools/sss_groupshow.c:615 + #, c-format + msgid "%1$s%2$sGroup: %3$s\n" +-msgstr "%1$s%2$s グループ: %3$s\n" ++msgstr "%1$s%2$sGroup: %3$s\n" + + #: src/tools/sss_groupshow.c:618 + #, c-format + msgid "%1$sGID number: %2$d\n" +-msgstr "%1$s GID 番号: %2$d\n" ++msgstr "%1$sGID 番号: %2$d\n" + + #: src/tools/sss_groupshow.c:620 + #, c-format + msgid "%1$sMember users: " +-msgstr "%1$s メンバーユーザー: " ++msgstr "%1$sMember ユーザー: " + + #: src/tools/sss_groupshow.c:627 + #, c-format +@@ -2074,7 +2085,7 @@ msgid "" + "%1$sIs a member of: " + msgstr "" + "\n" +-"%1$s は次のメンバー: " ++"%1$sIs は次のメンバー: " + + #: src/tools/sss_groupshow.c:634 + #, c-format +@@ -2083,7 +2094,7 @@ msgid "" + "%1$sMember groups: " + msgstr "" + "\n" +-"%1$s メンバーグループ: " ++"%1$sMember グループ: " + + #: src/tools/sss_groupshow.c:670 + msgid "Print indirect group members recursively" +@@ -2138,7 +2149,7 @@ msgstr "SELinux ログインコンテキストをリセットできません\n" + #, c-format + msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" + msgstr "" +-"警告: ユーザー (uid %1$lu) が削除されたときにまだログインしていました。\n" ++"警告: ユーザー (uid %1$lu) が削除された時にまだログインしていました。\n" + + #: src/tools/sss_userdel.c:278 + msgid "Cannot determine if the user was logged in on this platform" +@@ -2463,14 +2474,14 @@ msgid "Search by group ID" + msgstr "グループ ID で検索" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "名前 %s を構文解析できません。\n" ++msgstr "%s を開くことに失敗しました\n" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "SSSD ソケットは存在しません。" ++msgstr "ファイル %1$s は存在しません。\n" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2482,24 +2493,23 @@ msgstr "" + #: src/tools/sssctl/sssctl_config.c:85 + #, c-format + msgid "Failed to load configuration configuration from %s.\n" +-msgstr "" ++msgstr "%s からの設定のロードに失敗しました。\n" + + #: src/tools/sssctl/sssctl_config.c:91 + msgid "Error while reading configuration directory.\n" +-msgstr "" ++msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"ファイル %1$s は存在しません。SSSD は、ファイルプロバイダーでデフォルトの設定" +-"を使用します。\n" ++"設定はありません。SSSD は、ファイルプロバイダーでデフォルト設定を使用しま" ++"す。\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +-msgstr "" ++msgstr "バリデーターの実行に失敗しました" + + #: src/tools/sssctl/sssctl_config.c:115 + #, c-format +@@ -2512,14 +2522,14 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "設定のマージ中に生成されたメッセージ: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "設定スニペットファイルを使用: %u\n" ++msgstr "使用された設定スニペットファイル: %zu\n" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format + msgid "Unable to create backup directory [%d]: %s" +-msgstr "バックアップディレクトリー [%d] の作成に失敗: %s" ++msgstr "バックアップディレクトリー [%d] を作成できません: %s" + + #: src/tools/sssctl/sssctl_data.c:95 + msgid "SSSD backup of local data already exists, override?" +@@ -2597,7 +2607,7 @@ msgstr "" + #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367 + #: src/tools/sssctl/sssctl_user_checks.c:95 + msgid "Unable to connect to system bus!\n" +-msgstr "システムバスに接続できません!\n" ++msgstr "システムバスに接続できません。\n" + + #: src/tools/sssctl/sssctl_domains.c:167 + msgid "Online" +@@ -2613,9 +2623,8 @@ msgid "Online status: %s\n" + msgstr "オンライン状態: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "アクティブサーバーに関する情報の表示" ++msgstr "このドメインには、アクティブなサーバーはありません。\n" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +@@ -2627,12 +2636,12 @@ msgstr "接続していません" + + #: src/tools/sssctl/sssctl_domains.c:267 + msgid "No servers discovered.\n" +-msgstr "" ++msgstr "サーバーが見つかりません。\n" + + #: src/tools/sssctl/sssctl_domains.c:273 + #, c-format + msgid "Discovered %s servers:\n" +-msgstr "%s サーバーを発見:\n" ++msgstr "%s サーバーが見つかりました:\n" + + #: src/tools/sssctl/sssctl_domains.c:285 + msgid "None so far.\n" +@@ -2648,7 +2657,7 @@ msgstr "アクティブサーバーに関する情報の表示" + + #: src/tools/sssctl/sssctl_domains.c:327 + msgid "Show list of discovered servers" +-msgstr "発見されたサーバーに関する一覧を表示" ++msgstr "見つかったサーバーに関する一覧を表示" + + #: src/tools/sssctl/sssctl_domains.c:333 + msgid "Specify domain name." +@@ -2656,7 +2665,7 @@ msgstr "ドメイン名を指定します。" + + #: src/tools/sssctl/sssctl_domains.c:355 + msgid "Out of memory!\n" +-msgstr "メモリの空き容量がありません。\n" ++msgstr "メモリーの空き容量がありません。\n" + + #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385 + msgid "Unable to get online status\n" +@@ -2692,12 +2701,12 @@ msgstr "ログファイルの切り捨てができません\n" + + #: src/tools/sssctl/sssctl_logs.c:286 + msgid "Out of memory!" +-msgstr "メモリの空き容量がありません。" ++msgstr "メモリーの空き容量がありません。" + + #: src/tools/sssctl/sssctl_logs.c:289 + #, c-format + msgid "Archiving log files into %s...\n" +-msgstr "ログファイルを %s へアーカイブ...\n" ++msgstr "ログファイルを %s へアーカイブ中...\n" + + #: src/tools/sssctl/sssctl_logs.c:292 + msgid "Unable to archive log files\n" +@@ -2851,7 +2860,9 @@ msgstr "" + msgid "" + "testing pam_acct_mgmt\n" + "\n" +-msgstr "pam_acct_mgmt のテスト中\n" ++msgstr "" ++"pam_acct_mgmt のテスト中\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:284 + #, c-format +@@ -2883,7 +2894,9 @@ msgstr "" + msgid "" + "testing pam_open_session\n" + "\n" +-msgstr "pam_open_session のテスト中\n" ++msgstr "" ++"pam_open_session のテスト中\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:292 + #, c-format +@@ -2898,7 +2911,9 @@ msgstr "" + msgid "" + "testing pam_close_session\n" + "\n" +-msgstr "pam_close_session のテスト中\n" ++msgstr "" ++"pam_close_session のテスト中\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:296 + #, c-format +diff --git a/po/nb.po b/po/nb.po +index 4b616074d..39289bb60 100644 +--- a/po/nb.po ++++ b/po/nb.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:46+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/" +@@ -695,7 +695,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -766,737 +766,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Tjeneradresse for Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos-område" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Tidsavbrudd for autentisering" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/nl.po b/po/nl.po +index 7c9399f67..75a6bc564 100644 +--- a/po/nl.po ++++ b/po/nl.po +@@ -13,7 +13,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:47+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" +@@ -740,7 +740,7 @@ msgid "Active Directory client hostname" + msgstr "Active Directory cliënt hostnaam" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "LDAP-filter om toegangsprivileges mee te bepalen" + +@@ -811,217 +811,226 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos-serveradres" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Kerberos back-up server adres" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos-rijk" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Authenticatie timeout" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Moeten kdcinfo bestanden aangemaakt worden" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Werkmap waar authenticatiegegevens opgeslagen worden" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Locatie van de authenticatiecache van de gebruiker" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Locatie van de keytab om authenticatiegegevens te valideren" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Schakel authenticatiegegevensvalidatie in" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "Sla het wachtwoord op indien offline voor later gebruik bij online " + "authenticatie" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Vernieuwbare levensduur van de TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Levensduur van de TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Tijd tussen twee checks voor vernieuwing" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Zet FAST aan" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST " + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Zet hoofdpersoon sanctioneren aan" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Zet enterprise principals aan" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, de URI van de LDAP server" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, De URI van de LDAP server" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "De standaard base DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "De standaard bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Het type authenticatietoken van de standaard bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Het authenticatietoken van de standaard bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Hoe lang pogen te verbinden" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Hoe lang proberen synchroon LDAP te benaderen" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + "Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens " + "offline zijn" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Gebruik alleen hoofdletters voor gebiedsnamen" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Bestand dat de bekende CA-certificaten bevat" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Pad naar de CA-certificatenmap" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Bestand dat het client certificaat bevat" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Bestand dat de client sleutel bevat" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lijst van mogelijke sleutel suites" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Vereis verificatie van het TLS-certificaat" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Specificeer het te gebruiken sasl autorisatiegebied " + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Kerberos service keytab" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Volg LDAP-doorverwijzingen" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Levensduur van TGT voor LDAP-connectie" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Hoe moet de alias referentie verwijderd worden" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Service naam voor DNS service opzoeken" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + "Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Het aantal leden van moet ontbreken om een volledige de-referentie te " + "veroorzaken" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1029,382 +1038,382 @@ msgstr "" + "Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te " + "autoriseren tijdens een SASL binding" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het " + "losgekoppeld wordt" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Het LDAP paging besturingselement uitschakelen" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Zet Active Directory bereik opvragen uit" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Tijd om te wachten op een zoekopdracht" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Tijdsduur te wachten voor een opsommingsverzoek" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Tijd om te wachten tussen enumeratie-updates" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Tijdsduur tussen cache opschoningen" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Vereis TLS voor het opzoeken van ID's" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Base DN voor het opzoeken van gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Scope voor het opzoeken van gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filter voor het opzoeken van gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass voor gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Username-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Primair GID-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Gebruikersmap-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Shell-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Active Directory primaire groep attribuut voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Userprincipal-attribuut (voor Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Volledige naam" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "memberOf-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Modification time-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "shadowLastChange attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Attribuut voor tonen van geautoriseerde PAM services" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Attribuut dat geautoriseerde server hosts toont" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "krbLastPwdChange attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "accountExpires attribuut van AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "userAccountControl attribuut van AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "nsAccountLock attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "loginDisabled attribuut van NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "loginExpirationTime attribuut van NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "loginAllowedTimeMap attribuut van NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "SSH publieke sleutel attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Basis DN voor groep opzoeken" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Objectklasse voor groepen" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Groepsnaam" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Groep wachtwoord" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "GID attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Groep deelnemer attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Verandertijd attribuut voor groepen" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Basis DN voor netgroep opzoeken" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Objectklasse voor netgroepen" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Netgroep naam" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Netgroep leden attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Netgroep triple attibuut" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Verandertijd attribuut voor netgroepen" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Basis DN voor service lookups" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Objectclass voor services" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Service naam attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Service port attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Service protocol attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Ondergrens voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Bovengrens voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Aantal ID's voor elk segment bij ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Naam van het standaard domein voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID van het standaard domein voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Policy om wacthwoordverloop mee te evalueren" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Welke attributen worden gebruikt voor evaluatie als het account verlopen is" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + "Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + "URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + "URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "DNS service naam voor LDAP wachtwoord verander server" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1412,23 +1421,23 @@ msgstr "" + "Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een " + "wachtwoordwijziging" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Basis DN voor sudo regels lookups" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Automatische volledige ververs periode" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Automatische slimme ververs periode" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1436,137 +1445,137 @@ msgstr "" + "Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor " + "het filteren van sudo regels" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo " + "regels" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Moeten regels toegevoegd worden die netgroep bevatten in host attribuut " + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Moeten regels toegevoegd worden die regulaire expressie bevatten in host " + "attribuut " + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objectklasse voor sudo regels" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Sudo regelnaam" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Sudo regel opdracht attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Sudo regel host attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Sudo regel gebruiker attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Sudo regel optie attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Sudo regel runasuser attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Sudo regel runasgroup attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Sudo regel notbefore attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Sudo regel notafter attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Sudo regel volgorde attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Object class voor automounter maps" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Automounter map naam attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Objectklasse voor automounter map ingaven" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Automounter map sleutel ingave attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Automounter map ingavewaarde attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Basis DN voor automounter kaart opzoeken" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Kommagescheiden lijst van toegestane gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Kommagescheiden lijst van geweigerde gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Standaard shell, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Basis voor gebruikersmappen" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "De naam van de NSS-bibliotheek die gebruikt wordt" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden " + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "PAM-stack die gebruikt wordt" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/pl.po b/po/pl.po +index c5ca94f8e..e52db1707 100644 +--- a/po/pl.po ++++ b/po/pl.po +@@ -14,8 +14,8 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" +-"PO-Revision-Date: 2019-08-26 02:06+0000\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" ++"PO-Revision-Date: 2019-12-02 12:32+0000\n" + "Last-Translator: Piotr Drąg \n" + "Language-Team: Polish (http://www.transifex.com/projects/p/sssd/language/" + "pl/)\n" +@@ -333,13 +333,15 @@ msgstr "Ścieżka do miejsca przechowywania zaufanych certyfikatów CA" + + #: src/config/SSSDConfig/__init__.py.in:122 + msgid "Allow to generate ssh-keys from certificates" +-msgstr "" ++msgstr "Zezwala na tworzenie kluczy SSH z certyfikatów" + + #: src/config/SSSDConfig/__init__.py.in:123 + msgid "" + "Use the following matching rules to filter the certificates for ssh-key " + "generation" + msgstr "" ++"Używa poniższych reguł dopasowania do filtrowania certyfikatów do tworzenia " ++"kluczy SSH" + + #: src/config/SSSDConfig/__init__.py.in:126 + msgid "List of UIDs or user names allowed to access the PAC responder" +@@ -765,7 +767,7 @@ msgid "Active Directory client hostname" + msgstr "Nazwa komputera klienta Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtr LDAP do określenia uprawnień dostępu" + +@@ -848,214 +850,223 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "Opcja dostrajania zadania odnawiania konta komputera" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Adres serwera Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adres zapasowego serwera Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Obszar Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Czas oczekiwania na uwierzytelnienie" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Określa, czy tworzyć pliki kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Gdzie umieścić wstawki konfiguracji krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Włącza sprawdzanie danych uwierzytelniających" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia " + "w trybie online" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Odnawialny czas trwania TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Czas trwania TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Czas między dwoma sprawdzaniami odnowy" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Włącza FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Wybiera naczelnika do użycia dla FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Włącza ujednolicanie naczelnika" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Włącza naczelników enterprise" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "Mapa nazw użytkowników do nazw naczelników Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje " + "się w KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, adres URI serwera LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, adres URI serwera LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Domyślna podstawowa DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "Tryb używany do zmiany hasła użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Domyślne DN dowiązania" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Token uwierzytelniania domyślnego DN dowiązania" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Czas do próby połączenia" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Czas do próby synchronicznych działań LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Czas między próbami ponownego połączenia w trybie offline" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Użycie tylko wielkich znaków w nazwach obszarów" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Plik zawierający certyfikaty CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Ścieżka do katalogu certyfikatów CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Plik zawierający certyfikat klienta" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Plik zawierający klucz klienta" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lista możliwych zestawów szyfrów" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Wymaga sprawdzenia certyfikatu TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Podaje używany mechanizm SASL" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Podaje używany identyfikator upoważnienia SASL" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Podaje obszar upoważnienia SASL do użycia" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Tablica kluczy usługi Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Podąża za odsyłaniami LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Czas trwania TGT dla połączenia LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Jak wskazywać aliasy" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Nazwa usługi do wyszukiwań usługi DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "Suma liczb, których musi brakować, aby wywołać pełne „deref”" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1063,381 +1074,381 @@ msgstr "" + "Określa, czy biblioteka LDAP ma wykonywać odwrotne wyszukanie, aby " + "ujednolicić nazwę komputera podczas dowiązania SASL" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "Atrybut entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "Atrybut lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Wyłącza kontrolę stronicowania LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Wyłącza pobieranie zakresu Active Directory" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Czas oczekiwania na żądanie wyszukiwania" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Czas oczekiwania na żądanie wyliczenia" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Czas między aktualizacjami wyliczania" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Czas między czyszczeniem pamięci podręcznej" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Wymaga TLS dla wyszukiwania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + "Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych " + "identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Podstawowe DN dla wyszukiwania użytkowników" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Zakres wyszukiwania użytkowników" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtruje wyszukiwania użytkowników" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Klasa obiektów dla użytkowników" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Atrybut nazwy użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Atrybut UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Pierwszy atrybut GID" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Atrybut GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Atrybut katalogu domowego" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Atrybut powłoki" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "Atrybut UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "Atrybut objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Atrybut głównej grupy Active Directory dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Atrybut głównego użytkownika (dla Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Imię i nazwisko" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Atrybut memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Atrybut czasu modyfikacji" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "Atrybut shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "Atrybut shadowMin" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "Atrybut shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "Atrybut shadowWarning" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "Atrybut shadowInactive" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "Atrybut shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "Atrybut shadowFlag" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Atrybut zawierający listę upoważnionych usług PAM" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "Atrybut zawierający listę upoważnionych rhosts serwera" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "Atrybut krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "Atrybut krbPasswordExpiration" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "Atrybut accountExpires AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "Atrybut userAccountControl AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "Atrybut nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "Atrybut loginDisabled NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "Atrybut loginExpirationTime NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "Atrybut loginAllowedTimeMap NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Atrybut klucza publicznego SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + "atrybut zawierający listę dozwolonych typów uwierzytelniania dla użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "atrybut zawierający certyfikat X509 użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "atrybut zawierający adres e-mail użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "Lista dodatkowych atrybutów do pobrania razem z wpisem użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Podstawowe DN dla wyszukiwania grup" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Klasa obiektów dla grup" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Nazwa grupy" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Hasło grupy" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Atrybut GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Atrybut elementu grupy" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "Atrybut UUID grupy" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Atrybut czasu modyfikacji grup" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Typ grupy i inne flagi" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "Atrybut zewnętrznego członka grupy LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Klasa obiektów dla grup sieciowych" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nazwa grupy sieciowej" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Atrybut elementów grupy sieciowej" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Potrójny atrybut grupy sieciowej" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Atrybut czasu modyfikacji grup sieciowych" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Podstawowe DN do wyszukiwania usług" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Klasa obiektów dla usług" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Atrybut nazwy usługi" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Atrybut portu usługi" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Atrybut protokołu usługi" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Niższa granica dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Wyższa granica dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + "Liczba identyfikatorów dla każdego fragmentu podczas mapowania " + "identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Używa algorytmu zgodnego z autorid do mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Nazwa domyślnej domeny dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID domyślnej domeny dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "Liczba drugorzędnych fragmentów" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Czy używać Token-Groups" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN dla zapytań polityki" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "Ile maksymalnie wpisów pobierać podczas żądania z wieloznacznikiem" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Polityka do oszacowania wygaszenia hasła" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "Które atrybuty mają być używane do sprawdzenia, czy konto wygasło" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Które reguły mają być używane do sprawdzania kontroli dostępu" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1445,24 +1456,24 @@ msgstr "" + "Określa, czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie " + "hasła" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Podstawowe DN dla wyszukiwań reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Okres między automatycznymi pełnymi odświeżeniami" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Okres między automatycznymi inteligentnymi odświeżeniami" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "Określa, czy filtrować reguły według nazwy komputera, adresów IP i sieci" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1470,138 +1481,138 @@ msgstr "" + "Nazwy komputerów lub w pełni kwalifikowane nazwy domen tego komputera do " + "filtrowania reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Określa, czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Określa, czy zawierać reguły zawierające wyrażenia regularne w atrybucie " + "komputera" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Klasa obiektów dla reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" +-msgstr "" ++msgstr "Nazwa atrybutu używanego jako klasa obiektów dla reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Nazwa reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Atrybut polecenia reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Atrybut komputera reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Atrybut użytkownika reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Atrybut opcji reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Atrybut runas reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Atrybut runasuser reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Atrybut runasgroup reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Atrybut notbefore reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Atrybut notafter reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Atrybut kolejności reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Klasa obiektów dla map automountera" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Atrybut nazwy mapy automountera" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Klasa obiektów dla wpisów map automountera" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Atrybut klucza wpisu mapy automountera" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Atrybut wartości wpisu mapy automountera" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Podstawowe DN dla wyszukiwań map automountera" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Lista zabronionych użytkowników oddzielonych przecinkami" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Domyślna powłoka, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Podstawa katalogów domowych" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "Liczba elementów potomnych pośrednika przed rozwidleniem." + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Nazwa używanej biblioteki NSS" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + "Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli " + "to możliwe" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Używany stos PAM" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "Ścieżka źródeł pliku „passwd”." + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "Ścieżka źródeł pliku „group”." + +@@ -2533,14 +2544,14 @@ msgid "Search by group ID" + msgstr "Wyszukuje według identyfikatorów grup" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "Nie można przetworzyć nazwy %s.\n" ++msgstr "Otwarcie %s się nie powiodło\n" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "Gniazdo SSSD nie istnieje." ++msgstr "Plik %1$s nie istnieje.\n" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2552,24 +2563,23 @@ msgstr "" + #: src/tools/sssctl/sssctl_config.c:85 + #, c-format + msgid "Failed to load configuration configuration from %s.\n" +-msgstr "" ++msgstr "Wczytanie konfiguracji z %s się nie powiodło.\n" + + #: src/tools/sssctl/sssctl_config.c:91 + msgid "Error while reading configuration directory.\n" +-msgstr "" ++msgstr "Błąd podczas odczytywania katalogu konfiguracji.\n" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"Plik %1$s nie istnieje. Usługa SSSD użyje domyślnej konfiguracji z dostawcą " ++"Nie ma konfiguracji. Usługa SSSD użyje domyślnej konfiguracji z dostawcą " + "plików.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +-msgstr "" ++msgstr "Uruchomienie programów sprawdzających poprawność się nie powiodło" + + #: src/tools/sssctl/sssctl_config.c:115 + #, c-format +@@ -2582,9 +2592,9 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "Komunikaty utworzone podczas łączenia konfiguracji: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "Użyte pliki wstawek konfiguracji: %u\n" ++msgstr "Użyte pliki wstawek konfiguracji: %zu\n" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format +@@ -2681,9 +2691,8 @@ msgid "Online status: %s\n" + msgstr "Stan online: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "Wyświetla informacje o aktywnym serwerze" ++msgstr "Ta domena nie ma aktywnych serwerów.\n" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +@@ -2695,7 +2704,7 @@ msgstr "nie połączono" + + #: src/tools/sssctl/sssctl_domains.c:267 + msgid "No servers discovered.\n" +-msgstr "" ++msgstr "Nie wykryto żadnych serwerów.\n" + + #: src/tools/sssctl/sssctl_domains.c:273 + #, c-format +diff --git a/po/pt.po b/po/pt.po +index 6f983d38a..de61e356f 100644 +--- a/po/pt.po ++++ b/po/pt.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:47+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" +@@ -703,7 +703,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -774,739 +774,748 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Endereço do servidor Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Reino Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Tempo de expiração da autenticação" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Directório para armazenar as caches de credenciais" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Localização da cache de credenciais dos utilizadores" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Localização da tabela de chaves (keytab) para validar credenciais" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Activar validação de credenciais" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Servidor onde está em execução o serviço de alteração de senha, se não " + "coincide com o KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, O URI do servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "A base DN por omissão" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "O DN por omissão para a ligação" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "O tipo de token de autenticação do bind DN por omissão" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "O token de autenticação do bind DN por omissão" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Período de tempo para tentar ligação" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Tempo de espera para tentar operações LDAP síncronas" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Tempo de espera entre tentativas para re-conectar quando desligado" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Ficheiro que contêm os certificados CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Caminho para o directório do certificado CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Obriga a verificação de certificados TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Especificar mecanismo sasl a utilizar" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Especifique o id sasl para utilizar na autorização" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Especifique o id sasl para utilizar na autorização" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Separador chave do serviço Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Utilizar autenticação Kerberos para ligações LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Seguir os referrals LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Tempo de espera por um pedido de pesquisa" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Período de tempo entre enumeração de actualizações" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Requer TLS para consultas de ID" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "DN base para pesquisa de utilizadores" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Âmbito das pesquisas do utilizador" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtro para as pesquisas do utilizador" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass para utilizadores" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Atributo do nome do utilizador" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Atributo UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Atributo GID primário" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Atributo GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Atributo da pasta pessoal" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Atributo da Shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Atributo principal do utilizador (para Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nome Completo" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Atributo memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Atributo da alteração da data" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Politica para avaliar a expiração da senha" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Lista de utilizadores autorizados separados por vírgulas" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Lista de utilizadores não autorizados separados por vírgulas" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell pré-definida, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Directório base para as pastas pessoais" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "O nome da biblioteca NSS a utilizar" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Stack PAM a utilizar" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/pt_BR.po b/po/pt_BR.po +index dc03ba658..3a0f0a15a 100644 +--- a/po/pt_BR.po ++++ b/po/pt_BR.po +@@ -3,7 +3,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2015-10-27 08:15+0000\n" + "Last-Translator: Marco Aurélio Krause \n" + "Language-Team: Portuguese (Brazil)\n" +@@ -689,7 +689,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -760,737 +760,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/ru.po b/po/ru.po +index d8e586b20..8af743d55 100644 +--- a/po/ru.po ++++ b/po/ru.po +@@ -9,7 +9,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2016-02-23 10:04+0000\n" + "Last-Translator: Oleksii Levan \n" + "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/" +@@ -720,7 +720,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Фильтр LDAP для определения прав доступа" + +@@ -791,740 +791,749 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Имя сервера Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Область действия Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Тайм-аут проверки подлинности" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Каталог для хранения кэшей учётных данных" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Расположения кэша учётных данных пользователей" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Расположение keytab-файла для проверки учётных данных" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Включить проверку учётных данных" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "При отсутствии соединения сохранить пароль и пройти аутентификацию позже" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, URI сервера LDAP " + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Base DN по умолчанию" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Bind DN по умолчанию" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Тип маркера проверки подлинности для bind DN по умолчанию" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Маркер проверки подлинности для bind DN по умолчанию" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Временной интервал для попытки соединения" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Временной интервал для попытки синхронизации операций LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + "Временной интервал между попытками возобновления соединения в автономного " + "режиме" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Файл содержащий сертификаты CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Путь к каталогу с сертификатами CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Требуется проверка сертификата TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Укажите механизм sasl" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Укажите идентификатор авторизации sasl" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Укажите идентификатор авторизации sasl" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Keytab-файл службы Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Следовать ссылкам LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Время жизни TGT для LDAP-соединений" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Временной интервал, в течение которого ожидать поискового запроса" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Временной интервал между обновлениями перечисления" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Требовать TLS для запросов ID" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Base DN для поиска" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Глубина поиска" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Фильтр поиска" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass для пользователей" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Атрибут «username»" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Атрибут «UID»" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Атрибут «primary GID»" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Атрибут «GECOS»" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Атрибут домашнего каталога" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Атрибут оболочки" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Атрибут участника-пользователя (для Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Полное имя" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Атрибут memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Атрибут времени изменения" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Политика вычисления окончания срока действия пароля" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Разделённый запятыми список разрешённых пользователей" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Разделённый запятыми список запрещённых пользователей" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Оболочка по умолчанию, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Место для домашних каталогов" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Имя используемой библиотеки NSS" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Используемый стек PAM" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/sssd.pot b/po/sssd.pot +index 8c0091882..2270e49d6 100644 +--- a/po/sssd.pot ++++ b/po/sssd.pot +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" + "Last-Translator: FULL NAME \n" + "Language-Team: LANGUAGE \n" +@@ -692,7 +692,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -763,737 +763,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/sv.po b/po/sv.po +index 646f33eee..243c4e2d9 100644 +--- a/po/sv.po ++++ b/po/sv.po +@@ -11,7 +11,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2019-09-29 04:12+0000\n" + "Last-Translator: Göran Uddeborg \n" + "Language-Team: Swedish (http://www.transifex.com/projects/p/sssd/language/" +@@ -742,7 +742,7 @@ msgid "Active Directory client hostname" + msgstr "Active Directory-klientvärdnamn" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "LDAP-filter för att bestämma åtkomstprivilegier" + +@@ -825,210 +825,219 @@ msgstr "Maximal ålder i dagar innan maskinkontots lösenord skall förnyas" + msgid "Option for tuning the machine account renewal task" + msgstr "Flagga för att trimma maskinkontots förnyelseuppgift" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Adress till Kerberosserver" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adress till reservserver för Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberosrike" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Autentiseringstidsgräns" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Huruvida kdcinfo-filer skall skapas" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Var konfigurationssnuttar för krb5 skall läggas" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Katalog att lagra kreditiv-cachar i" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Plats för användarens kreditiv-cache" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Plats för nyckeltabellen för att validera kreditiv" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Aktivera validering av kreditiv" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "Lagra lösenord när ej ansluten för ansluten autentisering senare" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Förnybar livstid för TGT:n" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Livstid för TGT:n" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Tid mellan två kontroller av förnyelse" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Aktiverar FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Väljer huvudman att använda för FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Aktivera kanonisk form av huvudman" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Aktiverar företagshuvudmän" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "En översättning från användarnamn till Kerberos huvudmansnamn" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "Server där ändringstjänsten för lösenord kör om inte på KDC:n" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, URI:n för LDAP-servern" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, URI:n för LDAP-servern" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Standard bas-DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Schematypen som används i LDAP-servern, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "Läge som används för att ändra användares lösenord" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Standard bindnings-DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Typen på autentiserings-token för standard bindnings-DN" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Autentiserings-token för standard bindnings-DN" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Tidslängd att försöka ansluta" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Tidslängd att försöka synkrona LDAP-operationer" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Tidslängd mellan försök att återansluta vid frånkoppling" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Använd endast versaler för namn på riken" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Fil som innehåller CA-certifikat" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Sökväg till katalogen med CA-certifikat" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Fil som innehåller klientcertifikatet" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Fil som innehåller klientnyckeln" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lista över möjliga chiffersviter" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Kräv TLS-certifikatverifiering" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Ange sasl-mekanismen att använda" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Ange sasl-auktorisering-id att använda" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Ange sasl-auktoriseringsrike att använda" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Ange minsta SSF för LDAP-sasl-auktorisering" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Ange minsta SSF för LDAP-sasl-auktorisering" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Kerberostjänstens nyckeltabell" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Använd Kerberosautentisering för LDAP-anslutningar" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Följer LDAP-hänvisningar" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Livslängd på TGT för LDAP-anslutning" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Hur alias skall derefereras" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Tjänstenamn för uppslagning av DNS-tjänster" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Antalet poster som skall hämtas i en enda LDAP-fråga" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1036,377 +1045,377 @@ msgstr "" + "Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram " + "värdnamnets kanoniska form under en SASL-bindning" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Avaktivera flödesstyrningen (paging) av LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Avaktivera Active Directorys intervallhämtande" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Tidslängd att vänta på en sökbegäran" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Tidslängd att vänta på en uppräkningsbegäran" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Tidslängd mellan uppräkningsuppdateringar" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Tidslängd mellan cache-tömningar" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Kräv TLS för ID-uppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "Använd ID-översättning av objectSID istället för förhandssatta ID:n" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Bas-DN för användaruppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Omfång av användaruppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filter för användaruppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objektklass för användare" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Användarnamnsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Primärt GID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Hemkatalogattribut" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Skalattribut" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "UUID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Primärt gruppattribut i Active Directory för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Användarens huvudmansattribut (för Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Fullständigt namn" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "medlemAv-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Modifieringstidsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "attributet shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Attribut för listning av auktoriserade PAM-tjänster" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Attribut för listning av auktoriserade servervärdar" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "Attribut för listning av auktoriserade server-rhosts" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "attributet krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "Attribut som indikerar att serversidans lösenordspolicyer är aktiva" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "AD:s attribut accountExpires" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "AD:s attribut userAccountControl" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "attributet nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "NDS attribut loginDisabled" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "NDS attribut loginExpirationTime" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "NDS attribut loginAllowedTimeMap" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Attribut för publik SSH-nyckel" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "attribut för listning av tillåtna autentiseringstyper för en användare" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "attribut som innehåller användarens X509-certifikat" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "attribut som innehåller e-postadresser till användaren" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "En lista över extra attribut att hämta tillsammans med användarposten" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Bas-DN för gruppuppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Objektklass för grupper" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Gruppnamn" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Grupplösenord" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "GID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Gruppmedlemsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "Grupp-UUID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Modifieringstidsattribut för grupper" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Typen av grupp och andra flaggor" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "LDAP-gruppens externa medlemsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "Maximal nästlingsnivå SSSD kommer följa" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Bas-DN för nätgruppuppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Objektklass för nätgrupper" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nätgruppnamn" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Attribut på nätgruppmedlemmar" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Attribut på nätgruppstripplar" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Modifieringstidsattribut för nätgrupper" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Bas-DN för tjänsteuppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Objektklass för tjänster" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Tjänstenamnsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Tjänsteportsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Tjänsteprotokollsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Undre gräns för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Övre gräns för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Antal ID:n till varje skiva vid ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Använd en autorid-kompatibel algoritm för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Standarddomänens namn för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "Standarddomänens SID för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "Antal sekundära skivor" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Huruvida Token-Groups skall användas" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Sätt undre gräns för tillåtna ID:n från LDAP-servern" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Sätt övre gräns för tillåtna ID:n från LDAP-servern" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN för ppolicy-frågor" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "Hur många poster att maximalt hämta i en joker-begäran" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Policy för att utvärdera utgång av lösenord" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "Vilka attribut skall användas för att avgöra om ett konto gått ut" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Vilka regler skall användas för att avgöra åtkomstkontroll" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "URI till en LDAP-server där lösenordsändringar är tillåtna" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "URI till en reserv-LDAP-server där lösenordsändringar är tillåtna" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "DNS-tjänstenamn för LDAP-lösenordsändringsservern" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1414,24 +1423,24 @@ msgstr "" + "Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en " + "ändring av lösenord" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Bas-DN för regeluppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Intervall mellan automatisk fullständig omläsning" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Intervall mellan automatisk smart omläsning" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1439,137 +1448,137 @@ msgstr "" + "Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för " + "att filtrera sudo-regler" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera " + "sudo-regler" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Huruvida regler som innehåller nätgrupper i värdattribut skall inkluderas" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Huruvida regler som innehåller reguljära uttryck i värdattribut skall " + "inkluderas" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objektklass för sudo-regler" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Sudo-regelnamn" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Attribut för sudo-regelkommandon" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Attribut för sudo-regelvärd" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Attribut för sudo-regelanvändare" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Attribut för sudo-regelflaggor" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Sudo-regel-runas-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Attribut för sudo-runasuser" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Attribut på runasgroup i sudo-regel" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Attribut för sudo-notbefore-regler" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Attribut för sudo-notafter-regler" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Attribut för sudo-order-regler" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Objektklass för avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Attribut för namn i avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Objektklass för poster i avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Attribut för postnycklar i avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Attribut på postvärde i avbildning för automatmonteraren" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Bas-DN för uppslagningar i avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Kommaseparerad lista över tillåtna användare" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Kommaseparerad lista över förbjudna användare" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Standardskal, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Bas för hemkataloger" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "Antal ombudsbarn före grening" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Namnet på NSS-biblioteket att använda" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "PAM-stack att använda" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "Sökväg till lösenordsfilkällor." + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "Sökväg till gruppfilkällor." + +@@ -2494,14 +2503,14 @@ msgid "Search by group ID" + msgstr "Sök via grupp-ID" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "Kan inte tolka namnet %s.\n" ++msgstr "" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "SSSD-uttaget finns inte." ++msgstr "" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2520,13 +2529,10 @@ msgid "Error while reading configuration directory.\n" + msgstr "" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"Filen %1$s finns inte. SSSD kommer använda standardkonfigurationen med " +-"filleverantörer.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +@@ -2543,9 +2549,9 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "Meddelanden genererade under sammanslagning av konfigurationen: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "Använda konfigurationssnuttfiler: %u\n" ++msgstr "" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format +@@ -2641,9 +2647,8 @@ msgid "Online status: %s\n" + msgstr "Uppkopplingsstatus: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "Visa information om aktiv server" ++msgstr "" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +diff --git a/po/tg.po b/po/tg.po +index 5009cf304..70e00714a 100644 +--- a/po/tg.po ++++ b/po/tg.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:48+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" +@@ -694,7 +694,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -765,737 +765,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Номи гурӯҳ" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Пароли гурӯҳ" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Аттрибути GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/tr.po b/po/tr.po +index f05e7dca8..a4ba1533f 100644 +--- a/po/tr.po ++++ b/po/tr.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:49+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Turkish (http://www.transifex.com/projects/p/sssd/language/" +@@ -695,7 +695,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -766,737 +766,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos sunucu adresi" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/uk.po b/po/uk.po +index 098e0d472..3e73effbc 100644 +--- a/po/uk.po ++++ b/po/uk.po +@@ -14,8 +14,8 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" +-"PO-Revision-Date: 2019-08-16 05:48+0000\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" ++"PO-Revision-Date: 2019-12-02 08:43+0000\n" + "Last-Translator: Yuri Chornoivan \n" + "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/" + "uk/)\n" +@@ -345,13 +345,15 @@ msgstr "Шлях до сховища надійних сертифікатів + + #: src/config/SSSDConfig/__init__.py.in:122 + msgid "Allow to generate ssh-keys from certificates" +-msgstr "" ++msgstr "Дозволити створення ключів SSH з сертифікатів" + + #: src/config/SSSDConfig/__init__.py.in:123 + msgid "" + "Use the following matching rules to filter the certificates for ssh-key " + "generation" + msgstr "" ++"Використати вказані нижче відповідні правила для фільтрування сертифікатів " ++"для створення ключів SSH" + + #: src/config/SSSDConfig/__init__.py.in:126 + msgid "List of UIDs or user names allowed to access the PAC responder" +@@ -788,7 +790,7 @@ msgid "Active Directory client hostname" + msgstr "Назва клієнтського вузла Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Фільтр LDAP для визначення прав доступу" + +@@ -875,216 +877,226 @@ msgid "Option for tuning the machine account renewal task" + msgstr "" + "Параметр налаштовування завдання оновлення облікових записів комп’ютерів" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Адреса сервера Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Адреса резервного сервера Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Область Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Час очікування на розпізнавання" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Визначає, чи слід створювати файли kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Місце, куди слід скидати фрагменти налаштувань krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Каталог, де зберігатиметься кеш реєстраційних даних" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Адреса кешу реєстраційних даних користувача" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Адреса таблиці ключів для перевірки реєстраційних даних" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Увімкнути перевірку реєстраційних даних" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Поновлюваний строк дії TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Строк дії TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Граничний час між двома перевірками для поновлення" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Вмикає FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Визначає реєстраційний запис, який слід використовувати для FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Вмикає перетворення реєстраційних записів у канонічну форму" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Увімкнути промислові реєстраційні дані" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "Прив’язка імен користувачів до основних імен Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться " + "виявити у KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, адреса URI сервера LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, адреса сервера LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Типова базова назва домену" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Тип схеми, використаний на сервері LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "Режим для зміни пароля користувача" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Типова назва домену прив’язки" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Тип розпізнавання для типової назви сервера прив’язки" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Лексема розпізнавання типової назви сервера прив’язки" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Проміжок часу між спробами встановлення з’єднання" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + "Проміжок часу між повторними спробами встановлення з’єднання у автономному " + "режимі" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Використовувати для назв областей лише великі літери" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Файл, що містить сертифікати CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Шлях до каталогу сертифікатів CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Файл, що містить клієнтський сертифікат" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Файл, що містить клієнтський ключ" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Показати список можливих інструментів шифрування" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Потрібна перевірка сертифіката TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Вкажіть механізм SASL, який слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Вкажіть область уповноваження SASL, яку слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + "Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++"Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Таблиця ключів служби Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Розпізнавання Kerberos для з’єднання LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Переходити за посиланнями LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Строк дії TGT для з’єднання LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Спосіб розіменування псевдонімів" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Назва служби для пошуків за допомогою служби DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Кількість учасників, яких має не вистачати для вмикання повного скасування " + "посилань" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1092,390 +1104,390 @@ msgstr "" + "Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою " + "переведення назв вузлів у канонічну форму під час прив’язки до SASL" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "Атрибут entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "Атрибут lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Вимкнути контроль сторінок у LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Вимкнути отримання діапазонів Active Directory" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Тривалість очікування на дані запиту пошуку" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Тривалість очікування на дані запиту щодо переліку" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Проміжок часу між оновленнями нумерації" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Проміжок часу між спорожненнями кешу" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Вимагати TLS для пошуків ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + "Використовувати відповідності ідентифікаторів objectSID замість попередньо " + "встановлених ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Базова назва домену для пошуків користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Діапазон пошуків користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Фільтр пошуку користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Клас об’єктів для користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Атрибут імені користувача" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Атрибут UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Головний атрибут GID" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Атрибут GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Атрибут домашнього каталогу" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Атрибут оболонки" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "Атрибут UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "Атрибут objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + "Атрибут основної групи Active Directory для встановлення відповідності " + "ідентифікатора" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Атрибут реєстраційного запису користувача (для Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Повне ім'я" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Атрибут memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Атрибут часу зміни" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "Атрибут shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "Атрибут shadowMin" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "Атрибут shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "Атрибут shadowWarning" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "Атрибут shadowInactive" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "Атрибут shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "Атрибут shadowFlag" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Атрибути зі списком уповноважених служб PAM" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Атрибути зі списком уповноважених серверних вузлів" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "Атрибути зі списком уповноважених серверних r-вузлів" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "Атрибут krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "Атрибут krbPasswordExpiration" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "Атрибут accountExpires AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "Атрибут userAccountControl AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "Атрибут nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "Атрибут loginDisabled NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "Атрибут loginExpirationTime NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "Атрибут loginAllowedTimeMap NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Атрибут відкритого ключа SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "атрибут зі списком дозволених типів розпізнавання для користувача" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "атрибут, що містить сертифікат X509 користувача" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "атрибут, що містить адресу електронної пошти користувача" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Список додаткових атрибутів, які слід отримувати разом із записом користувача" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Базова назва домену для пошуків груп" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Клас об’єктів для груп" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Назва групи" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Пароль групи" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Атрибут GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Атрибут членства у групі" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "Атрибут UUID групи" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Атрибут часу зміни для груп" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Тип групи та інші прапорці" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "Атрибут групи LDAP зовнішнього учасника" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Базова назва домену для пошуків груп у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Клас об’єктів для груп у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Назва мережевої групи" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Атрибут членства у групах у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Атрибут трійки груп у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Атрибут часу зміни для мережевих груп" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Базова сервер назв домену для пошуку служб" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Клас об’єктів для служб" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Атрибут назви служби" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Атрибут порту служби" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Атрибут протоколу служби" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Нижня межа встановлення відповідності ідентифікатора" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Верхня межа встановлення відповідності ідентифікатора" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + "Кількість ідентифікаторів для кожного зрізу під час встановлення " + "відповідності ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + "Використовувати для встановлення відповідності ідентифікаторів алгоритм, " + "сумісний з autorid" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Назва типового домену для встановлення відповідності ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID типового домену для встановлення відповідності ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "Кількість вторинних зрізів" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Визначає, чи слід використовувати крупи реєстраційних записів" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN для запитів щодо ppolicy" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + "Максимальна кількість записів для отримання під час обробки запитів із " + "замінниками" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Правила оцінки завершення строку дії пароля" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Атрибути які слід використовувати для визначення чинності облікового запису" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + "Правила, які має бути використано для визначення достатності прав доступу" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "Адреса резервного сервера LDAP, для якої можливі зміни паролів" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "Назва у службі DNS сервера зміни паролів LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1483,25 +1495,25 @@ msgstr "" + "Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після " + "зміни пароля" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Базова назва домену для пошуків правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Період автоматичного повного оновлення даних" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Період автоматичного кмітливого оновлення даних" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та " + "мережами" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1509,141 +1521,141 @@ msgstr "" + "Назви вузлів і/або повні назви у домені для цього комп’ютера для " + "фільтрування списку правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку " + "правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Визначає, чи слід включати правила, що містять мережеву групу у атрибуті " + "вузла" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Визначає, чи слід включати правила, що містять формальний вираз у атрибуті " + "вузла" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Клас об’єктів для правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" +-msgstr "" ++msgstr "Назва атрибута, який використано як клас об'єктів для правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Назва правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Атрибут команди правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Атрибут вузла правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Атрибут користувача правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Атрибут параметрів правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Атрибут runas правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + "Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Атрибут граничного часу початку дії правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Атрибут граничного часу завершення дії правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Атрибут порядку правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Клас об’єктів для карт автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Атрибут назви карти автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Клас об’єктів для записів карт автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Атрибут ключа запису карти автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Атрибут значення запису карти автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Відокремлений комами список дозволених користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Відокремлений комами список заборонених користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Типова оболонка, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Базова адреса домашніх каталогів" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "Кількість попередньо відгалужених дочірніх проксі-записів." + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Назва бібліотеки NSS, яку слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + "Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це " + "можливо" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Стек PAM, який слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "Шлях до початкового тексту файла passwd." + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "Шлях до початкового тексту файла group." + +@@ -2579,14 +2591,14 @@ msgid "Search by group ID" + msgstr "Шукати за ідентифікатором групи" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "Не вдалося обробити ім'я %s.\n" ++msgstr "Не вдалося відкрити %s\n" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "Сокета SSSD не існує." ++msgstr "Файла %1$s не існує.\n" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2598,24 +2610,23 @@ msgstr "" + #: src/tools/sssctl/sssctl_config.c:85 + #, c-format + msgid "Failed to load configuration configuration from %s.\n" +-msgstr "" ++msgstr "Не вдалося завантажити налаштування з %s.\n" + + #: src/tools/sssctl/sssctl_config.c:91 + msgid "Error while reading configuration directory.\n" +-msgstr "" ++msgstr "Помилка під час спроби прочитати каталог налаштувань.\n" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"Файла %1$s не існує. SSSD використовуватиме типові налаштування для модуля " +-"надання даних щодо файлів.\n" ++"Немає налаштувань. SSSD використає типові налаштування для засобу надання " ++"файлів.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +-msgstr "" ++msgstr "Не вдалося запустити засоби перевірки" + + #: src/tools/sssctl/sssctl_config.c:115 + #, c-format +@@ -2628,9 +2639,9 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "Повідомлення, створені під час об'єднування налаштувань: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "Використані файли фрагментів налаштувань: %u\n" ++msgstr "Використаних файлів фрагментів налаштувань: %zu\n" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format +@@ -2730,9 +2741,8 @@ msgid "Online status: %s\n" + msgstr "Стан з'єднання: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "Показати дані щодо активного сервера" ++msgstr "У цьому домені немає активних серверів.\n" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +@@ -2744,7 +2754,7 @@ msgstr "не з’єднано" + + #: src/tools/sssctl/sssctl_domains.c:267 + msgid "No servers discovered.\n" +-msgstr "" ++msgstr "Не виявлено жодного сервера.\n" + + #: src/tools/sssctl/sssctl_domains.c:273 + #, c-format +diff --git a/po/zh_CN.po b/po/zh_CN.po +index b040b4350..d936fdaa1 100644 +--- a/po/zh_CN.po ++++ b/po/zh_CN.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:50+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" +@@ -695,7 +695,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -766,737 +766,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos 服务器地址" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "验证超时" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/zh_TW.po b/po/zh_TW.po +index 12a6f8a97..f4e3ba1bc 100644 +--- a/po/zh_TW.po ++++ b/po/zh_TW.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:50+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/" +@@ -694,7 +694,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -765,737 +765,746 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos 伺服器位址" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "認證逾時" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "儲存憑證快取的目錄" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "使用者憑證快取的位置" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "驗證憑證用的金鑰表格位置" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "啟用憑證驗證" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "需要 TLS 憑證驗證" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "指定要使用的 sasl 機制" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "指定要使用的 sasl 認證 id" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "指定要使用的 sasl 認證 id" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "搜尋請求的等候時間長度" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "全名" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "評估密碼過期時效的策略" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "許可的使用者清單,請使用半形逗號作為分隔" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "被禁止的使用者清單,請使用半形逗號作為分隔" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "預設 shell,/bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "要使用的 NSS 函式庫名稱" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "要使用的 PAM 堆疊" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/src/man/po/br.po b/src/man/po/br.po +index e6f1d4dc7..414322a17 100644 +--- a/src/man/po/br.po ++++ b/src/man/po/br.po +@@ -6,9 +6,9 @@ + # Fulup , 2012 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-14 11:51+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/" +@@ -300,9 +300,9 @@ msgstr "" + #. type: Content of: + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Dre ziouer : true" +@@ -322,16 +322,16 @@ msgstr "" + #. type: Content of: + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -360,7 +360,7 @@ msgstr "" + + #. type: Content of: + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -658,8 +658,8 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -768,10 +768,8 @@ msgstr "" + + #. type: Content of: + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Dre zoiuer : 5" ++msgstr "" + + #. type: Content of: + #: sssd.conf.5.xml:512 +@@ -1741,7 +1739,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Dre ziouer : 0" + +@@ -1805,7 +1803,7 @@ msgstr "" + #. type: Content of: + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1870,8 +1868,8 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5040,34 +5038,53 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"ldap_connection_expire_offset" ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"ldap_connection_expire_timeout." ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5075,14 +5092,14 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5090,17 +5107,17 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5110,12 +5127,12 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5123,17 +5140,30 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5141,7 +5171,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5152,7 +5182,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5161,7 +5191,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "Note: If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5169,26 +5199,26 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "never = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "allow = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5196,7 +5226,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "try = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5204,7 +5234,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "demand = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5212,41 +5242,41 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "hard = Same as demand" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that sssd will recognize." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in /etc/openldap/ldap." + "conf" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5255,32 +5285,32 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See ldap.conf " +@@ -5288,24 +5318,24 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use tls to protect the channel." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5313,17 +5343,17 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5334,24 +5364,24 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5362,12 +5392,12 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5380,7 +5410,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5392,17 +5422,17 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5410,49 +5440,49 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally /etc/krb5.keytab" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5460,28 +5490,28 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5493,7 +5523,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5501,7 +5531,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named krb5_kdcip in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5509,39 +5539,39 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see /etc/krb5.conf" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5551,7 +5581,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the sssd_krb5_locator_plugin 8 manual page for more " +@@ -5559,26 +5589,26 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "none - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "shadow - Use shadow 5 style attributes to " +@@ -5586,7 +5616,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "mit_kerberos - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5594,31 +5624,31 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "Note: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5627,56 +5657,56 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5692,12 +5722,12 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5706,14 +5736,14 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5722,24 +5752,24 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5747,19 +5777,19 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "shadow: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "ad: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5768,7 +5798,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "rhds, ipa, 389ds: use the value of ldap_ns_account_lock to check if access is " +@@ -5776,7 +5806,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "nds: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5785,7 +5815,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option must include expire in order for the " +@@ -5793,22 +5823,22 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "filter: use ldap_access_filter" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "lockout: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5818,14 +5848,14 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + " Please note that this option is superseded by the ppolicy option and might be removed in a future release. " + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "ppolicy: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5838,12 +5868,12 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "expire: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: These options are useful if users are " +@@ -5853,7 +5883,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5863,63 +5893,63 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "authorized_service: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "host: use the host attribute to determine access" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "rhost: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5928,74 +5958,74 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "never: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "searching: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "finding: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "always: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as never by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6006,7 +6036,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6014,24 +6044,24 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6048,12 +6078,12 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6061,36 +6091,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6098,14 +6128,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6115,101 +6145,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6218,59 +6248,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6279,22 +6309,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6303,14 +6333,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6318,7 +6348,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6331,27 +6361,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6367,13 +6397,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7903,7 +7933,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7918,7 +7948,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7933,12 +7963,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7959,12 +7989,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7988,17 +8018,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8006,7 +8036,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8033,7 +8063,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8046,12 +8076,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8070,60 +8100,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8237,26 +8267,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9696,9 +9726,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9708,19 +9754,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9730,12 +9776,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9743,7 +9789,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9758,7 +9804,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9767,7 +9813,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9775,7 +9821,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9785,7 +9831,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13904,10 +13950,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 64" +-msgstr "Dre ziouer : 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13923,10 +13967,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 65536" +-msgstr "Dre ziouer : 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15429,10 +15471,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "RANNOÙ SERVIJOÙ" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +diff --git a/src/man/po/ca.po b/src/man/po/ca.po +index adf6edf19..e2dfb3ef8 100644 +--- a/src/man/po/ca.po ++++ b/src/man/po/ca.po +@@ -12,9 +12,9 @@ + # Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2015. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2015-10-18 04:13+0000\n" + "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" + "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" +@@ -334,9 +334,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Per defecte: true" +@@ -359,16 +359,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Per defecte: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -397,7 +397,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Per defecte: 10" + +@@ -592,10 +592,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (booleà)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -611,21 +609,11 @@ msgstr "try_inotify (booleà)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"L'SSSD monitora l'estat del resolv.conf per identificar quan cal actualitzar " +-"el seu traductor intern de DNS. Per defecte, s'intentarà utilitzar inotify " +-"per a això i recaurà en sondejar el resolv.conf cada cinc segons si no es " +-"pot utilitzar l'inotify." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -735,13 +723,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. " +@@ -752,15 +733,10 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Tingueu en compte que si s'estableix aquesta opció per a tots els usuaris " +-"des del domini principal, s'han d'utilitzar el seu FQN, p. ex. usuari@nom." +-"domini, per iniciar la sessió. En establir aquesta opció es canvia el " +-"predeterminat d'use_fully_qualified_names a True. No està permès l'ús " +-"d'aquesta opció juntament amb use_fully_qualified_names establert a False." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -869,10 +845,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Per defecte: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1911,7 +1885,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Per defecte: 0" + +@@ -1975,7 +1949,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Per defecte: none" + +@@ -2040,8 +2014,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Per defecte: False" +@@ -2363,10 +2337,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2387,10 +2359,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Per defecte: sense establir (no se substituiran els espais)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5378,34 +5348,55 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Per defecte: 900 (15 minuts)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (enter)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Per defecte: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5413,14 +5404,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5428,17 +5419,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5448,12 +5439,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5461,17 +5452,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (enter)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5479,7 +5485,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5490,7 +5496,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5499,7 +5505,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5507,12 +5513,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -5522,7 +5528,7 @@ msgstr "" + "valors següents:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5531,7 +5537,7 @@ msgstr "" + "certificat del servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5543,7 +5549,7 @@ msgstr "" + "normalment." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5554,7 +5560,7 @@ msgstr "" + "proporciona un certificat dolent, immediatament s'acaba la sessió." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5565,22 +5571,22 @@ msgstr "" + "immediatament s'acaba la sessió." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Per defecte: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -5589,7 +5595,7 @@ msgstr "" + "Certificació que reconeixerà l'<command>sssd</command>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -5598,12 +5604,12 @@ msgstr "" + "<filename>/etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5617,32 +5623,32 @@ msgstr "" + "correctes." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5650,12 +5656,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -5664,12 +5670,12 @@ msgstr "" + "class=\"protocol\">tls</systemitem> per a protegir el canal." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5677,17 +5683,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5698,24 +5704,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5726,12 +5732,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5744,7 +5750,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5756,17 +5762,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5774,51 +5780,51 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Per defecte: el valor de krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Per defecte: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5." + "keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5826,28 +5832,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Per defecte: 86400 (24 hores)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5859,7 +5865,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5870,7 +5876,7 @@ msgstr "" + "retorna a _tcp si no se'n troba cap." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5882,41 +5888,41 @@ msgstr "" + "<quote>krb5_server</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/" + "krb5.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5926,7 +5932,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5934,12 +5940,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -5948,7 +5954,7 @@ msgstr "" + "costat del client. S'admeten els valors següents:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -5957,7 +5963,7 @@ msgstr "" + "opció no inhabilita les polítiques de contrasenya de servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5965,7 +5971,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5977,25 +5983,25 @@ msgstr "" + "contrasenya." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6004,7 +6010,7 @@ msgstr "" + "quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6013,29 +6019,29 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Especifica el nom de servei per utilitzar quan està habilitada la detecció " + "de serveis." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Per defecte: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6045,30 +6051,30 @@ msgstr "" + "dels serveis." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -6084,12 +6090,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Exemple:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -6098,14 +6104,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -6114,17 +6120,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Per defecte: Buit" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -6133,7 +6139,7 @@ msgstr "" + "d'atributs de control d'accés." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -6145,12 +6151,12 @@ msgstr "" + "contrasenya és correcta." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "S'admeten els valors següents:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -6159,7 +6165,7 @@ msgstr "" + "determinar si el compte ha caducat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -6168,7 +6174,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -6176,7 +6182,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -6185,7 +6191,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -6193,24 +6199,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Llista separada per comes d'opcions de control d'accés. Els valors permesos " + "són:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6220,14 +6226,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6240,12 +6246,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -6255,7 +6261,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -6265,20 +6271,20 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -6287,31 +6293,31 @@ msgstr "" + "authorizedService per determinar l'accés" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Per defecte: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -6320,12 +6326,12 @@ msgstr "" + "s'utilitza més d'una vegada." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -6334,22 +6340,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -6358,13 +6364,13 @@ msgstr "" + "es fa una cerca. S'admeten les opcions següents:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -6374,7 +6380,7 @@ msgstr "" + "de la cerca." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -6383,7 +6389,7 @@ msgstr "" + "només en localitzar l'objecte base de la cerca." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -6392,7 +6398,7 @@ msgstr "" + "en la recerca i en la localització de l'objecte base de la cerca." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -6401,19 +6407,19 @@ msgstr "" + "biblioteques de client LDAP)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6424,7 +6430,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6432,36 +6438,29 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -6471,20 +6470,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Totes les opcions comunes de configuració que s'apliquen als dominis SSD " +-"també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS " +-"DE DOMINI</quote> de la pàgina de manual de <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry> per a tots els detalls. <placeholder type=\"variablelist\" id=" +-"\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "OPCIONS DE SUDO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6492,36 +6485,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Per defecte: 21600 (6 hores)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6529,14 +6522,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6546,101 +6539,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6649,59 +6642,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "OPCIONS D'AUTOFS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Per defecte: auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "OPCIONS AVANÇADES" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6710,22 +6703,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6734,14 +6727,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EXEMPLE" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6752,7 +6745,7 @@ msgstr "" + "replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6765,27 +6758,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6801,13 +6794,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTES" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -8451,7 +8444,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (booleà)" + +@@ -8466,7 +8459,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -8481,12 +8474,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8507,12 +8500,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8536,17 +8529,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8554,7 +8547,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8581,7 +8574,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (enter)" + +@@ -8594,12 +8587,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8618,60 +8611,60 @@ msgid "Default: False (disabled)" + msgstr "Per defecte: False (inhabilitat)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8785,26 +8778,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "krb5_confd_path (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -10268,9 +10261,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (booleà)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -10280,19 +10291,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Per defecte: 3600 (segons)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -10302,12 +10313,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Per defecte: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -10315,7 +10326,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -10339,7 +10350,7 @@ msgstr "" + "ad_domain = exemple.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -10351,7 +10362,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -10359,7 +10370,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -10369,7 +10380,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -10897,16 +10908,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +-#| "applications will not use the fast in memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les " +-"aplicacions clients no utilitzaran el fast en la memòria cau." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -11998,20 +12003,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> for more information on configuring Kerberos." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"<quote>krb5</quote> per canviar la contrasenya Kerberos. Vegeu " +-"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +-"manvolnum></citerefentry> per a més informació sobre configurar Kerberos." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -14753,26 +14750,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the IPA provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA " +-"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-"manvolnum></citerefentry>. Per una referència detallada sintaxi, aneu a la " +-"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual " +-"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-"manvolnum></citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -14801,10 +14784,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (enter)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -14818,10 +14799,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id, max_id (enter)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -14832,17 +14811,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Per defecte: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (enter)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -14853,10 +14828,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Per defecte: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15057,17 +15030,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "user_attributes = +telephoneNumber, -loginShell\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"user_attributes = +telephoneNumber, -loginShell\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +@@ -15336,10 +15304,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -15358,28 +15324,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "Proveïdor de LDAP de l'SSSD" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -15387,12 +15341,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per " +-"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</" +-"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</" +-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir " +-"informació detallada de la sintaxi." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -16210,10 +16158,8 @@ msgstr "ldap_group_modify_timestamp (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -16428,10 +16374,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "SECCIONS DELS SERVEIS" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -16665,10 +16609,8 @@ msgstr "Per defecte: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "OPCIONS D'AUTOFS" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -16917,10 +16859,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (enter)" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -18005,9 +17945,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Per defecte: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (enter)" +diff --git a/src/man/po/cs.po b/src/man/po/cs.po +index 4642fe99e..086df21c0 100644 +--- a/src/man/po/cs.po ++++ b/src/man/po/cs.po +@@ -8,9 +8,9 @@ + # Pavel Borecki <pavel.borecki@gmail.com>, 2019. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2019-06-21 02:15+0000\n" + "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" + "Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/" +@@ -298,9 +298,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -320,16 +320,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -358,7 +358,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -656,8 +656,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -766,10 +766,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 200000" + msgid "Default: sha256" +-msgstr "Výchozí: 200000" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1739,7 +1737,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1803,7 +1801,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1868,8 +1866,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5040,34 +5038,55 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_idmap_range_size (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_idmap_range_size (celé číslo)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5075,14 +5094,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5090,17 +5109,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5110,12 +5129,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5123,17 +5142,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_idmap_range_max (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_idmap_range_max (celé číslo)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5141,7 +5175,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5152,7 +5186,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5161,7 +5195,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5169,26 +5203,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5196,7 +5230,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5204,7 +5238,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5212,41 +5246,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5255,32 +5289,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5288,24 +5322,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5313,17 +5347,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5334,24 +5368,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5362,12 +5396,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5380,7 +5414,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5392,17 +5426,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5410,49 +5444,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5460,28 +5494,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5493,7 +5527,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5501,7 +5535,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5509,39 +5543,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5551,7 +5585,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5559,26 +5593,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5586,7 +5620,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5594,31 +5628,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5627,56 +5661,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5692,12 +5726,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5706,14 +5740,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5722,24 +5756,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5747,19 +5781,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5768,7 +5802,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5776,7 +5810,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5785,7 +5819,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5793,22 +5827,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5818,14 +5852,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5838,12 +5872,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5853,7 +5887,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5863,63 +5897,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5928,74 +5962,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6006,7 +6040,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6014,24 +6048,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6048,12 +6082,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6061,36 +6095,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6098,14 +6132,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6115,101 +6149,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6218,59 +6252,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6279,22 +6313,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6303,14 +6337,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6318,7 +6352,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6331,27 +6365,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6367,13 +6401,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7908,7 +7942,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7923,7 +7957,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7938,12 +7972,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7964,12 +7998,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7993,17 +8027,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8011,7 +8045,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8038,7 +8072,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8051,12 +8085,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8075,60 +8109,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8242,26 +8276,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9701,9 +9735,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9713,19 +9763,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9735,12 +9785,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9748,7 +9798,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9763,7 +9813,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9772,7 +9822,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9780,7 +9830,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9790,7 +9840,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13887,10 +13937,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "ldap_idmap_range_size (integer)" + msgid "max_ccaches (integer)" +-msgstr "ldap_idmap_range_size (celé číslo)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13904,10 +13952,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "ldap_idmap_range_size (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "ldap_idmap_range_size (celé číslo)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -13918,17 +13964,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 200000" + msgid "Default: 64" +-msgstr "Výchozí: 200000" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_idmap_range_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_idmap_range_size (celé číslo)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -13939,10 +13981,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 200000" + msgid "Default: 65536" +-msgstr "Výchozí: 200000" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -14131,10 +14171,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:176 +-#, fuzzy +-#| msgid "probe sdap_search_send" + msgid "probe sdap_parse_entry" +-msgstr "vyzkouší sdap_search_send" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:179 +@@ -14154,10 +14192,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +-#, fuzzy +-#| msgid "probe dp_req_done" + msgid "probe sdap_parse_entry_done" +-msgstr "probe dp_req_done" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:193 +@@ -15236,10 +15272,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "simple_deny_groups (string)" + msgid "ldap_group_type (string)" +-msgstr "simple_deny_groups (řetězec)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -15938,10 +15972,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +diff --git a/src/man/po/de.po b/src/man/po/de.po +index cb8d12f78..6e65e6abc 100644 +--- a/src/man/po/de.po ++++ b/src/man/po/de.po +@@ -8,9 +8,9 @@ + # Mario Blättermann <mario.blaettermann@gmail.com>, 2014 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-14 11:53+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/" +@@ -324,9 +324,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Voreinstellung: »true«" +@@ -346,16 +346,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Voreinstellung: »false«" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -384,7 +384,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Voreinstellung: 10" + +@@ -582,10 +582,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (Boolesch)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -601,22 +599,11 @@ msgstr "try_inotify (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD überwacht den Status der »resolv.conf«, um festzustellen, wann es " +-"seinen internen DNS-Resolver aktualisieren muss. Standardmäßig werden wir " +-"versuchen, dafür Inotify zu benutzen. Falls Inotify nicht benutzt werden " +-"kann, werden wir darauf zurückgreifen, alle fünf Sekunden »resolv.conf« " +-"abzufragen." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -738,8 +725,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -848,10 +835,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Voreinstellung: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1929,7 +1914,7 @@ msgstr "" + "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Voreinstellung: 0" + +@@ -1993,7 +1978,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Voreinstellung: none" + +@@ -2058,8 +2043,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Voreinstellung: False" +@@ -2392,10 +2377,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_extra_attrs (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_extra_attrs (Zeichenkette)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2416,10 +2399,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set, i.e. FAST is not used." + msgid "Default: not set, all found rules are used" +-msgstr "Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5638,17 +5619,38 @@ msgstr "" + "Lebensdauer) verwendet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Voreinstellung: 900 (15 Minuten)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (Ganzzahl)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -5658,17 +5660,17 @@ msgstr "" + "pro Anfrage." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Voreinstellung: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5680,7 +5682,7 @@ msgstr "" + "deaktiviert ist oder sich nicht ordnungsgemäß verhält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -5690,7 +5692,7 @@ msgstr "" + "aber nicht in der Lage, es zu benutzen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5702,17 +5704,17 @@ msgstr "" + "abgelehnt werden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "deaktiviert die Bereichsabfrage von Active Directory" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5728,12 +5730,12 @@ msgstr "" + "es so aussehen, als ob große Gruppen keine Mitglieder hätten." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5744,19 +5746,42 @@ msgstr "" + "Werte dieser Option werden durch OpenLDAP definiert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + "Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in " + "»ldap.conf« angegeben)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (Ganzzahl)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Wenn mittels SASL mit einem LDAP-Server kommuniziert wird, gibt dies die " ++"mindestens nötige Sicherheitsstufe zum Herstellen der Verbindung an. Die " ++"Werte dieser Option werden durch OpenLDAP definiert." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5768,7 +5793,7 @@ msgstr "" + "nachgeschlagen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5779,7 +5804,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5792,7 +5817,7 @@ msgstr "" + "unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5803,12 +5828,12 @@ msgstr "" + "Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -5818,7 +5843,7 @@ msgstr "" + "Werte angegeben werden:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5827,7 +5852,7 @@ msgstr "" + "oder anfordern." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5839,7 +5864,7 @@ msgstr "" + "Sitzung fährt normal fort." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5850,7 +5875,7 @@ msgstr "" + "ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5861,22 +5886,22 @@ msgstr "" + "sofort beendet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = entspricht »demand«" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Voreinstellung: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -5885,7 +5910,7 @@ msgstr "" + "die <command>sssd</command> erkennen wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -5894,12 +5919,12 @@ msgstr "" + "<filename>/etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5913,33 +5938,33 @@ msgstr "" + "Erstellen der korrekten Namen verwendet werden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + "gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "gibt die Datei an, die den Schlüssel des Clients enthält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5947,12 +5972,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -5961,12 +5986,12 @@ msgstr "" + "\">tls</systemitem> benutzen muss, um den Kanal abzusichern." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5978,19 +6003,19 @@ msgstr "" + "verlassen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-" + "Directory-ObjectSIDs." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6009,24 +6034,24 @@ msgstr "" + "Abbildung von IDs wählen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6037,12 +6062,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6055,7 +6080,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6067,17 +6092,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Voreinstellung Rechner/MeinRechner@BEREICH" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6088,17 +6113,17 @@ msgstr "" + "»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Voreinstellung: der Wert von »krb5_realm«" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6108,34 +6133,34 @@ msgstr "" + "Bind in eine kanonische Form zu bringen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Voreinstellung: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5." + "keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6143,28 +6168,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Voreinstellung: 86400 (24 Stunden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6183,7 +6208,7 @@ msgstr "" + "Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6194,7 +6219,7 @@ msgstr "" + "Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6206,29 +6231,29 @@ msgstr "" + "migrieren." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</" + "filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6238,12 +6263,12 @@ msgstr "" + "Kerberos >= 1.7 verfügbar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -6259,7 +6284,7 @@ msgstr "" + "manvolnum> </citerefentry> einrichten." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -6270,12 +6295,12 @@ msgstr "" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -6284,7 +6309,7 @@ msgstr "" + "Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -6293,7 +6318,7 @@ msgstr "" + "kann keine Server-seitigen Passwortregelwerke deaktivieren." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -6304,7 +6329,7 @@ msgstr "" + "manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -6316,7 +6341,7 @@ msgstr "" + "Passwort geändert wurde." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -6326,17 +6351,17 @@ msgstr "" + "festgelegten Regel." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6345,7 +6370,7 @@ msgstr "" + "mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6359,28 +6384,28 @@ msgstr "" + "merkliche Leistungsverbesserung bringen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Voreinstellung: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6389,17 +6414,17 @@ msgstr "" + "soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -6408,12 +6433,12 @@ msgstr "" + "Passwortänderung mit Unix-Zeit geändert wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -6443,12 +6468,12 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Beispiel:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -6460,7 +6485,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -6469,7 +6494,7 @@ msgstr "" + "beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -6478,17 +6503,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Voreinstellung: leer" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -6497,7 +6522,7 @@ msgstr "" + "Zugriffssteuerungsattribute aktiviert werden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -6508,12 +6533,12 @@ msgstr "" + "einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Die folgenden Werte sind erlaubt:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -6522,7 +6547,7 @@ msgstr "" + "»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -6535,7 +6560,7 @@ msgstr "" + "gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -6546,7 +6571,7 @@ msgstr "" + "Zugriff erlaubt wird oder nicht." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -6559,7 +6584,7 @@ msgstr "" + "Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -6570,24 +6595,24 @@ msgstr "" + "»ldap_account_expire_policy« funktioniert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte " + "sind erlaubt:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6597,14 +6622,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6617,12 +6642,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -6632,7 +6657,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -6642,20 +6667,20 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -6664,33 +6689,33 @@ msgstr "" + "»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, " + "ob Zugriff gewährt wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Voreinstellung: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -6699,12 +6724,12 @@ msgstr "" + "mehr als einmal benutzt wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -6713,22 +6738,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -6737,12 +6762,12 @@ msgstr "" + "folgenden Optionen sind erlaubt:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -6752,7 +6777,7 @@ msgstr "" + "Suche." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -6761,7 +6786,7 @@ msgstr "" + "der Suche dereferenziert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -6770,7 +6795,7 @@ msgstr "" + "Orten des Basisobjekts der Suche dereferenziert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -6779,12 +6804,12 @@ msgstr "" + "<emphasis>never</emphasis> gehandhabt.)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -6793,7 +6818,7 @@ msgstr "" + "beizubehalten, die das Schema RFC2307 benutzen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6811,7 +6836,7 @@ msgstr "" + "getpw*() oder initgroups() abzurufen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6822,36 +6847,29 @@ msgstr "" + "die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -6861,19 +6879,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten " +-"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt " +-"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder " +-"type=\"variablelist\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "SUDO-OPTIONEN" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6884,12 +6897,12 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -6899,7 +6912,7 @@ msgstr "" + "heruntergeladen werden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -6908,17 +6921,17 @@ msgstr "" + "emphasis> sein." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Voreinstellung: 21600 (6 Stunden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6926,7 +6939,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -6935,7 +6948,7 @@ msgstr "" + "das Attribut »modifyTimestamp« benutzt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6945,12 +6958,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -6960,12 +6973,12 @@ msgstr "" + "Netzwerkadressen und Rechnernamen)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -6974,7 +6987,7 @@ msgstr "" + "Domain-Namen, die zum Filtern der Regeln benutzt werden sollen" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -6983,8 +6996,8 @@ msgstr "" + "voll qualifizierten Domain-Namen automatisch herauszufinden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -6993,17 +7006,17 @@ msgstr "" + "emphasis> ist, hat diese Option keine Auswirkungen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Voreinstellung: nicht angegeben" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7012,7 +7025,7 @@ msgstr "" + "Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7021,12 +7034,12 @@ msgstr "" + "herauszufinden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7035,12 +7048,12 @@ msgstr "" + "eine Netzgruppe im Attribut »sudoHost« enthält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7049,14 +7062,14 @@ msgstr "" + "einen Platzhalter im Attribut »sudoHost« enthält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7069,59 +7082,59 @@ msgstr "" + "manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "AUTOFS-OPTIONEN" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "Der Name der Automount-Master-Abbildung in LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Voreinstellung: auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "ERWEITERTE OPTIONEN" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7130,22 +7143,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7154,14 +7167,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "BEISPIEL" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7172,7 +7185,7 @@ msgstr "" + "gesetzt ist." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7185,27 +7198,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7221,13 +7234,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "ANMERKUNGEN" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -8879,7 +8892,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (Boolesch)" + +@@ -8894,7 +8907,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -8916,12 +8929,12 @@ msgstr "" + "Konfigurationsdatei migrieren." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8950,12 +8963,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Voreinstellung: 1200 (Sekunden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8983,17 +8996,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -9001,7 +9014,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -9036,7 +9049,7 @@ msgstr "" + "gefundenen als Sicherungsserver." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (Ganzzahl)" + +@@ -9052,12 +9065,12 @@ msgstr "" + "Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -9082,12 +9095,12 @@ msgid "Default: False (disabled)" + msgstr "Voreinstellung: False (deaktiviert)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -9096,48 +9109,48 @@ msgstr "" + "DNS-Server verwenden soll" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -9264,26 +9277,26 @@ msgstr "" + "zu verwenden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -10198,20 +10211,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:359 +-#, fuzzy +-#| msgid "" +-#| "GPO-based access control functionality uses GPO policy settings to " +-#| "determine whether or not a particular user is allowed to logon to a " +-#| "particular host." + msgid "" + "GPO-based access control functionality uses GPO policy settings to determine " + "whether or not a particular user is allowed to logon to the host. For more " + "information on the supported policy settings please refer to the " + "<quote>ad_gpo_map</quote> options." + msgstr "" +-"Die GPO-basierte Zugriffskontrolle verwendet gesetzte GPO-Regeln, um zu " +-"ermitteln, ob sich ein bestimmter Benutzer an einem bestimmten Rechner " +-"anmelden darf." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:367 +@@ -10266,16 +10271,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:417 +-#, fuzzy +-#| msgid "" +-#| "NOTE: If the operation mode is set to enforcing, it is possible that " +-#| "users that were previously allowed logon access will now be denied logon " +-#| "access (as dictated by the GPO policy settings). In order to facilitate a " +-#| "smooth transition for administrators, a permissive mode is available that " +-#| "will not enforce the access control rules, but will evaluate them and " +-#| "will output a syslog message if access would have been denied. By " +-#| "examining the logs, administrators can then make the necessary changes " +-#| "before setting the mode to enforcing." + msgid "" + "NOTE: If the operation mode is set to enforcing, it is possible that users " + "that were previously allowed logon access will now be denied logon access " +@@ -10288,16 +10283,6 @@ msgid "" + "functions' is required (see <citerefentry> <refentrytitle>sssctl</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." + msgstr "" +-"ACHTUNG: Wird der Operationsmodus auf »enforcing« gesetzt, dann ist es " +-"möglich, dass Benutzern, denen früher bereits einmal Zugriff gewährt wurde, " +-"ihnen dieser nun verweigert wird (sofern dies von den GPO-Regeln " +-"vorgeschrieben wird). Um Administratoren einen weichen Übergang zu " +-"ermöglichen, ist der Modus »permissive« verfügbar, der die Umsetzung der " +-"Zugriffskontrollregeln nicht erzwingt. Diese werden lediglich ausgewertet " +-"und eine Meldung geht an das Systemprotokoll, falls tatsächlich der Zugriff " +-"verweigert werden würde. Nach dem Untersuchen der Protokolle können " +-"Administratoren nun die nötigen Änderungen vornehmen, bevor der Modus auf " +-"»enforcing« gesetzt wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:436 +@@ -10849,9 +10834,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (Boolesch)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -10868,19 +10871,19 @@ msgstr "" + "»dyndns_iface« angegeben wurde." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Voreinstellung: 3600 (Sekunden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -10890,12 +10893,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Voreinstellung: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -10907,7 +10910,7 @@ msgstr "" + "Optionen von AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -10931,7 +10934,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -10943,7 +10946,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -10954,7 +10957,7 @@ msgstr "" + "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -10964,7 +10967,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -11553,17 +11556,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +-#| "applications will not use the fast in memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, " +-"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher " +-"nicht." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -12779,20 +12775,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for " +-#| "more information on the locator plugin." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"Weitere Informationen über die Locator-Erweiterung finden Sie auf der " +-"Handbuchseite <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -15539,25 +15527,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the AD provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt " +-"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -15586,10 +15561,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (Ganzzahl)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -15603,10 +15576,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id,max_id (Ganzzahl)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -15617,17 +15588,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Voreinstellung: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (Ganzzahl)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -15638,10 +15605,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Voreinstellung: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15842,17 +15807,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "user_attributes = +telephoneNumber, -loginShell\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"user_attributes = +telephoneNumber, -loginShell\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +@@ -16121,10 +16081,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (Zeichenkette)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -16143,28 +16101,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "SSSD LDAP-Anbieter" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -16172,11 +16118,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"Diese Handbuchseite beschreibt die Konfiguration von LDAP-Domains für " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Detaillierte Syntax-Informationen finden Sie im Abschnitt " +-"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -17043,10 +16984,8 @@ msgstr "ldap_group_modify_timestamp (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (Zeichenkette)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -17271,10 +17210,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "DIENSTABSCHNITTE" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -17522,10 +17459,8 @@ msgstr "Voreinstellung: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "AUTOFS-OPTIONEN" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -17825,10 +17760,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (Ganzzahl)" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -19037,20 +18970,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Voreinstellung: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (Ganzzahl)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +diff --git a/src/man/po/es.po b/src/man/po/es.po +index f32f5fbae..3f20f2a0d 100644 +--- a/src/man/po/es.po ++++ b/src/man/po/es.po +@@ -13,12 +13,13 @@ + # Daniel Cabrera <logan@fedoraproject.org>, 2011 + # Emilio Herrera <ehespinosa57@gmail.com>, 2018. #zanata + # Emilio Herrera <ehespinosa57@gmail.com>, 2019. #zanata ++# Emilio Herrera <ehespinosa57@gmail.com>, 2020. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" +-"PO-Revision-Date: 2019-11-16 03:52+0000\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" ++"PO-Revision-Date: 2020-01-30 03:01+0000\n" + "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" + "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/" + "es/)\n" +@@ -364,9 +365,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Predeterminado: true" +@@ -389,16 +390,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Predeterminado: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -430,7 +431,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Predeterminado: 10" + +@@ -643,10 +644,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (booleano)" ++msgstr "monitor_resolv_conf (booleano)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -654,6 +653,8 @@ msgid "" + "Controls if SSSD should monitor the state of resolv.conf to identify when it " + "needs to update its internal DNS resolver." + msgstr "" ++"Controla si SSSD monitorizaría el estado de resolv.conf para identificar " ++"cuando necesita actualizar su interfaz de resolución DNS interno." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:335 +@@ -662,21 +663,14 @@ msgstr "try_inotify (boolean)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD monitorea el estado de resolv.conf para saber cuando es necesario " +-"actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para " +-"ello la herramienta inotify, quien consultará a resolv.conf cada cinco " +-"segundos en caso que inotify no pueda ser utilizado." ++"Por defecto, SSSD intentará usar inotify para monitorizar cambios en los " ++"ficheros de configuración y volverá a sondear cada cinco segundos si inotify " ++"no puede ser usado." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -796,13 +790,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. " +@@ -813,15 +800,19 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Por favor advierta que si se ajusta esta opción todos los usuarios del " +-"domino primario tiene que usar su nombre totalmente cualificado, e.g. " +-"user@domain.name, para acceder. Fijando esta opción cambia el predeterminado " +-"de use_fully_qualified_names a True. No está permitido usar esta opción unto " +-"con use_fully_qualified_names fijado a False." ++"Por favor advierta que si esta opción está establecida todos los usuarios " ++"del dominio primario tienen que usar su nombre totalmente cualificado, e.g. " ++"user@domain.name, para acceder. El establecimiento de esta opción cambia el " ++"comportamiento predeterminado de use_fully_qualified_names a True. No está " ++"permitido el uso de esta opción junto con use_fully_qualified_names " ++"establecido a False. Una excepción de esta regla son los dominios con " ++"<quote>id_provider=files</quote> que siempre intentan igualar el " ++"comportamiento de nss_files y por lo tanto su salida es no cualificada aún " ++"cuando se use la opción default_domain_suffix." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -892,15 +883,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:483 +-#, fuzzy +-#| msgid "no_ocsp" + msgid "soft_ocsp" +-msgstr "no_ocsp" ++msgstr "soft_ocsp" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:485 sssd.conf.5.xml:585 + msgid "(NSS Version) This option is ignored." +-msgstr "" ++msgstr "(Versión NSS) Esta opción es ignorada." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:488 +@@ -910,11 +899,15 @@ msgid "" + "authentication when the system is offline and the OCSP responder cannot be " + "reached." + msgstr "" ++"(Versión OpenSSL) S no se puede establecer una conexión con un contestador " ++"OCSP la comprobación OCSP es saltada. Esta opción debería ser usada para " ++"permitir la autenticación cuando el sistema no está en línea y el " ++"contestador OCSP no puede ser alcanzado." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:498 + msgid "ocsp_dgst" +-msgstr "" ++msgstr "ocsp_dgst" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:500 +@@ -922,39 +915,41 @@ msgid "" + "Digest (hash) function used to create the certificate ID for the OCSP " + "request. Allowed values are:" + msgstr "" ++"Función resumen (picadillo) usada para crear la ID del certificado para la " ++"petición OCSP. Los valores permitidos son:" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:504 + msgid "sha1" +-msgstr "" ++msgstr "sha1" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:505 + msgid "sha256" +-msgstr "" ++msgstr "sha256" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:506 + msgid "sha384" +-msgstr "" ++msgstr "sha384" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:507 + msgid "sha512" +-msgstr "" ++msgstr "sha512" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Predeterminado: 5" ++msgstr "Predeterminado: sha256" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 + msgid "" + "(NSS Version) This option is ignored, because NSS uses sha1 unconditionally." + msgstr "" ++"(Versión NSS) Esta opción es ignorada, porque NSS usa sha1 " ++"incondicionalmente." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:518 +@@ -1060,7 +1055,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:583 + msgid "soft_crl" +-msgstr "" ++msgstr "soft_crl" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:588 +@@ -1070,6 +1065,10 @@ msgid "" + "allow authentication when the system is offline and the CRL cannot be " + "renewed." + msgstr "" ++"(Versión OpenSSL) Si una Lista de Revocación de Certificado (CRL) expira " ++"ignora las comprobaciones CRL para los certificados relacionados. Esta " ++"opción debería ser usada para permitir la autenticación cuando el sistema " ++"está fuera de linea y la CRL no puede ser renovada." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:468 +@@ -2137,7 +2136,7 @@ msgstr "" + "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Predeterminado: 0" + +@@ -2215,7 +2214,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Predeterminado: none" + +@@ -2294,8 +2293,8 @@ msgstr "" + "de autenticación esta opción está deshabilitada por defecto." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Por defecto: False" +@@ -2674,10 +2673,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (cadena)" ++msgstr "ssh_use_certificate_matching_rules (cadena)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2688,6 +2685,11 @@ msgid "" + "comma separated list of mapping and matching rule names. All other rules " + "will be ignored." + msgstr "" ++"Por defecto el contestador ssh usará todos los certificados disponibles que " ++"coincidan con las reglas para filtrar los certificados de modo que las " ++"claves ssh solo se derivarán a los que coincidan. Con esta opción las reglas " ++"usadas pueden ser restringidas con una lista separada por comas de nombres " ++"de reglas que coincidan y mapeen. Todas las demás reglas serán ignoradas." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1763 +@@ -2695,13 +2697,13 @@ msgid "" + "If a non-existing rule name is given all rules will be ignored and all " + "available certificates will be used to derive ssh keys." + msgstr "" ++"Si se da un nombre de regla que no existe todas las reglas serán ignoradas y " ++"los certificados disponibles serán usados para derivar claves ssh." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Por defecto: no ajustado (los espacios no serán reemplazados)" ++msgstr "Predetermindo: no establecido, son usadas todas las reglas encontradas" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -3367,11 +3369,16 @@ msgid "" + "user, typically ran at login) operation in the past, both the user entry " + "and the group membership are updated." + msgstr "" ++"El refresco en segundo plano procesará usuarios, grupos y netgroups en el " ++"cache. Para usuarios que han llevado a cabo el anteriormente initgroups " ++"(obtener la membresía de grupo para el usuario, normalmente ejecutando " ++"login), tanto la entrada usuario y la membresia de grupo son actualizados." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2263 + msgid "This option is automatically inherited for all trusted domains." + msgstr "" ++"Esta opción se hereda automáticamente para todos los dominios de confianza." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2267 +@@ -4613,13 +4620,6 @@ msgstr "hybrid" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3205 +-#, fuzzy +-#| msgid "" +-#| "A primary group is autogenerated for user entries whose UID and GID " +-#| "numbers have the same value and at the same time the GID number does not " +-#| "correspond to a real group object in LDAP If the values are the same, but " +-#| "the primary GID in the user entry is also used by a group object, the " +-#| "primary GID of the user resolves to that group object." + msgid "" + "A primary group is autogenerated for user entries whose UID and GID numbers " + "have the same value and at the same time the GID number does not correspond " +@@ -4627,11 +4627,11 @@ msgid "" + "GID in the user entry is also used by a group object, the primary GID of the " + "user resolves to that group object." + msgstr "" +-"Un grupo primario se autogenera para las entradas de usuario cuyos números " +-"UID y GID tienen los mismos valores y al mismo tiempo el número GID no " +-"coresponde a un objeto grupo real en LDAP si los valores son los mismos, " +-"pero el GID primario en la entrada de usuario se usa también por un objeto " +-"grupo, el GID primario del usaurio resuelve a este objeto grupo." ++"Se autogenera un grupo primario para las entradas de usuario cuyos números " ++"UID y GID tienen el mismo valor y al mismo tiempo el número GID no " ++"corresponde un objeto grupo real en LDAP. Si los valores son los mismos " ++"pero el GID primario en la entrada de usuario es también usado por un objeto " ++"grupo, el GID primario del usuario se resuelve al de ese objeto grupo." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3218 +@@ -5377,22 +5377,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3693 +-#, fuzzy +-#| msgid "" +-#| "With the growing number of authentication methods and the possibility " +-#| "that there are multiple ones for a single user the heuristic used by " +-#| "pam_sss to select the prompting might not be suitable for all use cases. " +-#| "To following options should provide a better flexibility here." + msgid "" + "With the growing number of authentication methods and the possibility that " + "there are multiple ones for a single user the heuristic used by pam_sss to " + "select the prompting might not be suitable for all use cases. The following " + "options should provide a better flexibility here." + msgstr "" +-"Con el creciente número de métodos de autenticación kyh la posibilidad de " +-"que haya múltiples para un solo usuario la heurística usada por pam_sss " +-"podría no ser adecuada para todos los casos de uso. Las siguientes opciones " +-"suministrarían una mejor flexibilidad aquí." ++"Con el creciente número de métodos de autenticación y la la posibilidad de " ++"que haya múltiples para un único usuario la heurística usada por pam_sss " ++"para seleccionar la solicitud podría no ser adecuada para todos los casos. " ++"Las siguientes opciones deberían suministrar una mejor flexibilidad aquí." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:3705 +@@ -5450,19 +5444,14 @@ msgstr "single_prompt" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3730 +-#, fuzzy +-#| msgid "" +-#| "boolean value, if True there will be only a single prompt using the value " +-#| "of first_prompt where it is expected that both factor are entered as a " +-#| "single string" + msgid "" + "boolean value, if True there will be only a single prompt using the value of " + "first_prompt where it is expected that both factors are entered as a single " + "string" + msgstr "" +-"valor booleano, si True habrá solo una única consulta usando el valor de " +-"first_prompt donde se espera que el factor sea introducido como una única " +-"cadena" ++"valor booleano, si True habrá una única pregunta usando el valor de " ++"first_prompt donde se espera que ambos factores se introduzcan como una " ++"única cadena" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3719 +@@ -5475,12 +5464,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3700 +-#, fuzzy +-#| msgid "" +-#| "Each supported authentication method has it's own configuration sub-" +-#| "section under <quote>[prompting/...]</quote>. Currently there are: " +-#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#| "\"variablelist\" id=\"1\"/>" + msgid "" + "Each supported authentication method has its own configuration subsection " + "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type=" +@@ -5493,19 +5476,14 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3742 +-#, fuzzy +-#| msgid "" +-#| "It is possible to add a sub-section for specific PAM services like e.g. " +-#| "<quote>[prompting/password/sshd]</quote> to individual change the " +-#| "prompting for this service." + msgid "" + "It is possible to add a subsection for specific PAM services, e.g. " + "<quote>[prompting/password/sshd]</quote> to individual change the prompting " + "for this service." + msgstr "" +-"Es posible añadir una subsección para srvicios PAM especificos como e.g. " +-"<quote>[prompting/password/sshd]</quote> para cambio individual de la " +-"consulta para este servicio." ++"Es posible añadir una subsección para servicios PAM específicos, e.g. " ++"<quote>[prompting/password/sshd]</quote> para el cambio individual de la " ++"pregunta para este servicio." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd.conf.5.xml:3749 idmap_sss.8.xml:43 +@@ -6301,17 +6279,38 @@ msgstr "" + "temprano (este valor contra el tiempo de vida TGT)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Predeterminado: 900 (15 minutos)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (entero)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -6320,17 +6319,17 @@ msgstr "" + "Algunos servidores LDAP hacen cumplir un límite máximo por petición." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Predeterminado: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -6341,7 +6340,7 @@ msgstr "" + "RootDSE pero no está habilitado o no se comporta apropiadamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -6351,7 +6350,7 @@ msgstr "" + "pero es incapaz de usarlo." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -6362,17 +6361,17 @@ msgstr "" + "puede ocasionar que algunas peticiones sean denegadas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Deshabilitar la recuperación del rango de Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -6388,12 +6387,12 @@ msgstr "" + "miembros." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -6404,19 +6403,42 @@ msgstr "" + "de esta opción son definidos por OpenLDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap." + "conf)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (entero)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Cuando se está comunicando con un servidor LDAP usando SASL, especifica el " ++"nivel de seguridad mínimo necesario para establecer la conexión. Los valores " ++"de esta opción son definidos por OpenLDAP." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -6427,7 +6449,7 @@ msgstr "" + "deference. Si hay menos miembros desaparecidos, se buscarán individualmente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -6444,7 +6466,7 @@ msgstr "" + "lo soporta y auncia el control de la desreferencia en el objeto rootDSE." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -6457,7 +6479,7 @@ msgstr "" + "soportados son 389/RHDS, OpenLDAP y Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -6468,12 +6490,12 @@ msgstr "" + "será deshabilitado sin tener en cuenta este ajuste." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -6483,7 +6505,7 @@ msgstr "" + "los siguientes valores:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -6492,7 +6514,7 @@ msgstr "" + "certificado de servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6503,7 +6525,7 @@ msgstr "" + "certificado malo, será ignorado y la sesión continua normalmente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6514,7 +6536,7 @@ msgstr "" + "certificado malo, la sesión se termina inmediatamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -6525,22 +6547,22 @@ msgstr "" + "termina inmediatamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Predeterminado: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -6549,7 +6571,7 @@ msgstr "" + "de Certificación que <command>sssd</command> reconocerá." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -6558,12 +6580,12 @@ msgstr "" + "etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -6577,33 +6599,33 @@ msgstr "" + "para crear los nombres correctos." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + "Especifica el fichero que contiene el certificado para la clave del cliente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "Especifica el archivo que contiene la clave del cliente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -6614,12 +6636,12 @@ msgstr "" + "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -6628,12 +6650,12 @@ msgstr "" + "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -6644,18 +6666,18 @@ msgstr "" + "ldap_user_uid_number y ldap_group_gid_number." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "ldap_min_id, ldap_max_id (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6673,17 +6695,17 @@ msgstr "" + "el servidor. Los subdominios pueden elegir otros rangos para asignar IDs." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "Predeterminado: no establecido (ambas opciones se establecen a 0)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." +@@ -6692,7 +6714,7 @@ msgstr "" + "soportados GSSAPI y GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6709,12 +6731,12 @@ msgstr "" + "manvolnum></citerefentry> para más detalles." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6734,7 +6756,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6754,17 +6776,17 @@ msgstr "" + "en la pestaña." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Por defecto: host/nombre_de_host@REALM" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6775,17 +6797,17 @@ msgstr "" + "reino también, esta opción se ignora." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Por defecto: el valor de krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6794,34 +6816,34 @@ msgstr "" + "para para canocalizar el nombre de host durante una unión SASL." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Predeterminado: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</" + "filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6832,12 +6854,12 @@ msgstr "" + "es GSSAPI o GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" +@@ -6845,17 +6867,17 @@ msgstr "" + "SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Predeterminado: 86400 (24 horas)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6874,7 +6896,7 @@ msgstr "" + "información, vea la sección <quote>SERVICE DISCOVERY</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6885,7 +6907,7 @@ msgstr "" + "regresa a _tcp si no se encuentra nada." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6897,30 +6919,30 @@ msgstr "" + "configuración para usar <quote>krb5_server</quote> en su lugar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + "Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</" + "filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6929,12 +6951,12 @@ msgstr "" + "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -6949,7 +6971,7 @@ msgstr "" + "manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -6961,12 +6983,12 @@ msgstr "" + "localizador." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -6975,7 +6997,7 @@ msgstr "" + "del cliente. Los siguientes valores son permitidos:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -6984,7 +7006,7 @@ msgstr "" + "no puede deshabilitar las políticas de password en el lado servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -6995,7 +7017,7 @@ msgstr "" + "manvolnum></citerefentry> para evaluar si la contraseña ha expirado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -7007,7 +7029,7 @@ msgstr "" + "password." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -7017,19 +7039,19 @@ msgstr "" + "establecida por esta opción." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + "Especifica si el seguimiento de referencias automático debería ser " + "habilitado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -7038,7 +7060,7 @@ msgstr "" + "está compilado con OpenLDAP versión 2.4.13 o más alta." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -7051,29 +7073,29 @@ msgstr "" + "esta opción a false le llevará a una notable mejora de rendimiento." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Especifica el nombre del servicio para utilizar cuando está habilitado el " + "servicio de descubrimiento." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Predeterminado: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -7083,17 +7105,17 @@ msgstr "" + "descubrimiento." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -7102,12 +7124,12 @@ msgstr "" + "desde el Epoch después de una operación de cambio de contraseña." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -7135,12 +7157,12 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Ejemplo:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -7152,7 +7174,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -7161,7 +7183,7 @@ msgstr "" + "usuarios cuyo atributo employeeType esté establecido a \"admin\"." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -7174,17 +7196,17 @@ msgstr "" + "se les seguirán otorgando acceso sin conexión y viceversa." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Predeterminado: vacío" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -7193,7 +7215,7 @@ msgstr "" + "control de acceso del lado cliente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -7204,12 +7226,12 @@ msgstr "" + "una código de error definible aunque el password sea correcto." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Los siguientes valores están permitidos:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -7218,7 +7240,7 @@ msgstr "" + "determinar si la cuenta ha expirado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -7231,7 +7253,7 @@ msgstr "" + "se comprueba el tiempo de expiración de la cuenta." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -7242,7 +7264,7 @@ msgstr "" + "el acceso o no." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -7255,7 +7277,7 @@ msgstr "" + "permitido. Si ambos atributos están desaparecidos se concede el acceso." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -7266,24 +7288,24 @@ msgstr "" + "la opción ldap_account_expire_policy funcione." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Lista separada por coma de opciones de control de acceso. Los valores " + "permitidos son:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7299,7 +7321,7 @@ msgstr "" + "funciones." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" +@@ -7309,7 +7331,7 @@ msgstr "" + "</emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7331,12 +7353,12 @@ msgstr "" + "estar establecido para que esta característica funcione." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -7351,7 +7373,7 @@ msgstr "" + "método distinto a las contraseñas - por ejemplo claves SSH." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -7366,7 +7388,7 @@ msgstr "" + "inmediatamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" +@@ -7374,7 +7396,7 @@ msgstr "" + "explícito." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +@@ -7384,7 +7406,7 @@ msgstr "" + "para una política de contraseña apropiada." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -7393,13 +7415,13 @@ msgstr "" + "autorizedService para determinar el acceso" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" +@@ -7408,7 +7430,7 @@ msgstr "" + "host remoto puede acceder" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" +@@ -7418,12 +7440,12 @@ msgstr "" + "opción de control de acceso" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Predeterminado: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -7432,12 +7454,12 @@ msgstr "" + "una vez." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -7451,22 +7473,22 @@ msgstr "" + "LDAP no pueden verificarse correctamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -7475,13 +7497,13 @@ msgstr "" + "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -7491,7 +7513,7 @@ msgstr "" + "búsqueda." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -7500,7 +7522,7 @@ msgstr "" + "cuando se localice el objeto base de la búsqueda." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -7509,7 +7531,7 @@ msgstr "" + "para la búsqueda como en la localización del objeto base de la búsqueda." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -7518,12 +7540,12 @@ msgstr "" + "librerías cliente LDAP)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -7532,7 +7554,7 @@ msgstr "" + "servidores que usan el esquema RFC2307." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -7550,7 +7572,7 @@ msgstr "" + "llamadas getpw*() o initgroups()." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -7561,12 +7583,12 @@ msgstr "" + "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "wildcard_limit (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." +@@ -7575,25 +7597,18 @@ msgstr "" + "descargadas durante una búsqueda de comodín." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + "En este momento solo el respondedor InfoPipe soporta búsqueda de comodín" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "Predeterminado: 1000 (frecuentemente el tamaño de una página)" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -7603,19 +7618,22 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Todas las opciones de configuración comunes que se aplican a los dominios " +-"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN " ++"Todas las opciones comunes de configuración que se aplican a los dominios " ++"SSSD tambien se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN " + "SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles " +-"completos. <placeholder type=\"variablelist\" id=\"0\"/>" ++"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para todos los " ++"detalles. Advierta que los atributos de mapeo SSSD LDAP están descritos en " ++"la página de manual <citerefentry> <refentrytitle>sssd-ldap-attributes</" ++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder type=" ++"\"variablelist\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "OPCIONES SUDO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -7626,12 +7644,12 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -7641,7 +7659,7 @@ msgstr "" + "servidor)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -7650,17 +7668,17 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Por defecto: 21600 (6 horas)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -7672,7 +7690,7 @@ msgstr "" + "actualmente SSSD)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -7681,7 +7699,7 @@ msgstr "" + "atributo modifyTimestamp." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -7697,12 +7715,12 @@ msgstr "" + "<emphasis>ldap_connection_expire_timeout</emphasis>)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -7711,12 +7729,12 @@ msgstr "" + "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -7725,7 +7743,7 @@ msgstr "" + "totalmente cualificados que sería usada para filtrar las reglas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -7734,8 +7752,8 @@ msgstr "" + "nombre de dominio totalmente cualificado automáticamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -7744,17 +7762,17 @@ msgstr "" + "emphasis> esta opción no tiene efecto." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Por defecto: no especificado" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7763,7 +7781,7 @@ msgstr "" + "usada para filtrar las reglas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7772,12 +7790,12 @@ msgstr "" + "automáticamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "sudo_include_netgroups (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7786,12 +7804,12 @@ msgstr "" + "atributo sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7800,7 +7818,7 @@ msgstr "" + "atributo sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" +@@ -7809,7 +7827,7 @@ msgstr "" + "del servidor LDAP!" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7822,12 +7840,12 @@ msgstr "" + "manvolnum> </citerefentry>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "OPCIONES AUTOFS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." +@@ -7836,47 +7854,47 @@ msgstr "" + "esquema LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "El nombre del mapa maestro de montaje automático en LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Pfredeterminado: auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "OPCIONES AVANZADAS" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7889,22 +7907,22 @@ msgstr "" + "función, si los nombres de grupo no están siendo visualizados correctamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7917,14 +7935,14 @@ msgstr "" + "<placeholder type=\"variablelist\" id=\"1\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EJEMPLO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7935,7 +7953,7 @@ msgstr "" + "replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7955,20 +7973,20 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "EJEMPLO DE FILTRO DE ACCESO LDAP" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." +@@ -7977,7 +7995,7 @@ msgstr "" + "ldap_access_order=lockout." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -8003,13 +8021,13 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTAS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -9937,7 +9955,7 @@ msgstr "" + "este host. El nombre de host debe ser totalmente cualificado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (booleano)" + +@@ -9957,7 +9975,7 @@ msgstr "" + "otra manera utilizando la opción <quote>dyndns_iface</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -9978,12 +9996,12 @@ msgstr "" + "usar <emphasis>dyndns_update</emphasis> en su fichero de configuración." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -10010,12 +10028,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Por defecto: 1200 (segundos)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -10046,17 +10064,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -10064,7 +10082,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -10091,7 +10109,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -10104,12 +10122,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -10128,60 +10146,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -10306,26 +10324,26 @@ msgstr "" + "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -11800,9 +11818,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (booleano)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -11812,19 +11848,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -11834,12 +11870,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Predeterminado: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -11850,7 +11886,7 @@ msgstr "" + "Este ejemplo muestra sólo las opciones específicas del proveedor AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -11874,7 +11910,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -11886,7 +11922,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -11897,7 +11933,7 @@ msgstr "" + "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -11907,7 +11943,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -12480,16 +12516,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +-#| "client applications will not use the fast in-memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"AVISO: Si la variable de entorno SSS_NSS_USE_MEMCACHE estça fijada a \"NO\", " +-"las aplicaciones clientes no usaran la memoria cache rápida." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -13630,21 +13660,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for " +-#| "more information on the locator plugin." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"Vea la página de manual <citerefentry> " +-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +-"manvolnum> </citerefentry> para más información sobre el complemento " +-"localizador." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -16323,26 +16344,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the AD provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"Esta página de manual describe la configuración del proveedor AD para " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección " +-"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -16371,10 +16378,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (entero)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -16388,10 +16393,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id, max_id (entero)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -16402,17 +16405,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Predeterminado: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (entero)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -16423,10 +16422,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Predeterminado: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -16627,17 +16624,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "auth sufficient pam_sss.so allow_missing_name\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"auth sufficient pam_sss.so allow_missing_name\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +@@ -16906,10 +16898,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -16928,28 +16918,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "Proveedor SSSD LDAP" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -16957,11 +16935,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"Esta página de manual describe la configuración de dominios LDAP para " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Vea la sección <quote>FILE FORMAT</quote> de la página de " +-"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-"manvolnum> </citerefentry> para información detallada de la sintáxis." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -17850,10 +17823,8 @@ msgstr "ldap_group_modify_timestamp (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -18083,10 +18054,8 @@ msgstr "Atributo LDAP que contiene las UUID/GUID de un objeto host LDAP." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "SECCIONES DE SERVICIOS" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -18334,10 +18303,8 @@ msgstr "Por defecto: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "OPCIONES AUTOFS" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -18649,10 +18616,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (entero)" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -19779,27 +19744,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "" +-#~ "The background refresh will process users, groups and netgroups in the " +-#~ "cache." +-#~ msgstr "" +-#~ "El refresco en segundo plano procesará usuarios grupos y grupos de red en " +-#~ "la caché." +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Predeterminado: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (entero)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +diff --git a/src/man/po/eu.po b/src/man/po/eu.po +index 60d333c05..a122f6ce6 100644 +--- a/src/man/po/eu.po ++++ b/src/man/po/eu.po +@@ -5,9 +5,9 @@ + # Translators: + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-14 11:55+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" +@@ -294,9 +294,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -316,16 +316,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -354,7 +354,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -652,8 +652,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -1733,7 +1733,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1797,7 +1797,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1862,8 +1862,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5032,34 +5032,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5067,14 +5086,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5082,17 +5101,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5102,12 +5121,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5115,17 +5134,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5133,7 +5165,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5144,7 +5176,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5153,7 +5185,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5161,26 +5193,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5188,7 +5220,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5196,7 +5228,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5204,41 +5236,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5247,32 +5279,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5280,24 +5312,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5305,17 +5337,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5326,24 +5358,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5354,12 +5386,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5372,7 +5404,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5384,17 +5416,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5402,49 +5434,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5452,28 +5484,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5485,7 +5517,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5493,7 +5525,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5501,39 +5533,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5543,7 +5575,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5551,26 +5583,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5578,7 +5610,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5586,31 +5618,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5619,56 +5651,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5684,12 +5716,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5698,14 +5730,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5714,24 +5746,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5739,19 +5771,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5760,7 +5792,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5768,7 +5800,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5777,7 +5809,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5785,22 +5817,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5810,14 +5842,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5830,12 +5862,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5845,7 +5877,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5855,63 +5887,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5920,74 +5952,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -5998,7 +6030,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6006,24 +6038,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6040,12 +6072,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6053,36 +6085,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6090,14 +6122,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6107,101 +6139,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6210,59 +6242,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6271,22 +6303,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6295,14 +6327,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6310,7 +6342,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6323,27 +6355,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6359,13 +6391,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7895,7 +7927,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7910,7 +7942,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7925,12 +7957,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7951,12 +7983,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7980,17 +8012,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -7998,7 +8030,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8025,7 +8057,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8038,12 +8070,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8062,60 +8094,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8229,26 +8261,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9688,9 +9720,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9700,19 +9748,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9722,12 +9770,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9735,7 +9783,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9750,7 +9798,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9759,7 +9807,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9767,7 +9815,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9777,7 +9825,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +diff --git a/src/man/po/fi.po b/src/man/po/fi.po +index 34eec244a..3522376ce 100644 +--- a/src/man/po/fi.po ++++ b/src/man/po/fi.po +@@ -1,9 +1,9 @@ + # Toni Rantala <trantalafilo@gmail.com>, 2017. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2017-03-24 08:46+0000\n" + "Last-Translator: Toni Rantala <trantalafilo@gmail.com>\n" + "Language-Team: Finnish\n" +@@ -289,9 +289,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Oletus:tosi" +@@ -311,16 +311,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Oletus:epätosi" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -349,7 +349,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -647,8 +647,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -757,10 +757,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: false" + msgid "Default: sha256" +-msgstr "Oletus:epätosi" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1730,7 +1728,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1794,7 +1792,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1859,8 +1857,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -2196,10 +2194,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Oletus: ei asetettu(välilyöntejä ei korvata)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5033,34 +5029,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5068,14 +5083,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5083,17 +5098,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5103,12 +5118,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5116,17 +5131,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5134,7 +5162,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5145,7 +5173,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5154,7 +5182,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5162,26 +5190,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5189,7 +5217,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5197,7 +5225,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5205,41 +5233,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5248,32 +5276,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5281,24 +5309,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5306,17 +5334,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5327,24 +5355,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5355,12 +5383,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5373,7 +5401,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5385,17 +5413,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5403,49 +5431,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5453,28 +5481,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5486,7 +5514,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5494,7 +5522,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5502,39 +5530,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5544,7 +5572,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5552,26 +5580,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5579,7 +5607,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5587,31 +5615,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5620,56 +5648,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5685,12 +5713,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5699,14 +5727,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5715,24 +5743,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5740,19 +5768,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5761,7 +5789,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5769,7 +5797,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5778,7 +5806,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5786,22 +5814,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5811,14 +5839,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5831,12 +5859,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5846,7 +5874,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5856,63 +5884,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5921,74 +5949,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -5999,7 +6027,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6007,24 +6035,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6041,12 +6069,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6054,36 +6082,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6091,14 +6119,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6108,101 +6136,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6211,59 +6239,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6272,22 +6300,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6296,14 +6324,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6311,7 +6339,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6324,27 +6352,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6360,13 +6388,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7896,7 +7924,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7911,7 +7939,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7926,12 +7954,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7952,12 +7980,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7981,17 +8009,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -7999,7 +8027,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8026,7 +8054,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8039,12 +8067,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8063,60 +8091,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8230,26 +8258,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9689,9 +9717,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "debug_timestamps (bool)" ++msgid "ad_use_ldaps (bool)" ++msgstr "debug_timestamps (bool)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9701,19 +9747,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9723,12 +9769,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9736,7 +9782,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9751,7 +9797,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9760,7 +9806,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9768,7 +9814,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9778,7 +9824,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13870,10 +13916,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13887,10 +13931,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "enum_cache_timeout (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -13901,17 +13943,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: true" + msgid "Default: 64" +-msgstr "Oletus:tosi" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccache_size (integer)" +-msgstr "enum_cache_timeout (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -13922,10 +13960,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: true" + msgid "Default: 65536" +-msgstr "Oletus:tosi" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +diff --git a/src/man/po/fr.po b/src/man/po/fr.po +index adea5d1a6..aa86c5c23 100644 +--- a/src/man/po/fr.po ++++ b/src/man/po/fr.po +@@ -14,9 +14,9 @@ + # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2016-03-19 03:04+0000\n" + "Last-Translator: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>\n" + "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" +@@ -338,9 +338,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Par défaut : true" +@@ -363,16 +363,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Par défaut : false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -401,7 +401,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Par défaut : 10" + +@@ -599,10 +599,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (booléen)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -618,21 +616,11 @@ msgstr "try_inotify (booléen)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD gère l'état de resolv.conf pour identifier les besoins de mise à jour " +-"des résolutions DNS internes. Par défaut, l'utilisation de inotify sera " +-"tentée, et reviendra à une interrogation de resolv.conf toutes les cinq " +-"secondes si inotify échoue." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -742,13 +730,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. " +@@ -759,16 +740,10 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Noter que, si cette option est définie, tous les utilisateurs du domaine " +-"principal doivent utiliser leur nom pleinement qualifié, par exemple " +-"user@domain.name, pour se connecter. L'utilisation de cette option modifie " +-"la valeur par défaut de use_fully_qualified_names à True. Il n'est pas " +-"possible ni autorisé d'utiliser cette option avec l'option " +-"use_fully_qualified_names à False." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -883,10 +858,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Par défaut : 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1969,7 +1942,7 @@ msgstr "" + "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Par défaut : 0" + +@@ -2038,7 +2011,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Par défaut : aucun" + +@@ -2103,8 +2076,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Par défaut : False" +@@ -2434,10 +2407,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (chaîne)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2458,10 +2429,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5687,17 +5656,38 @@ msgstr "" + "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Par défaut : 900 (15 minutes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (entier)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (entier)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -5706,17 +5696,17 @@ msgstr "" + "Certains serveurs LDAP imposent une limite maximale par requête." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Par défaut : 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5728,7 +5718,7 @@ msgstr "" + "correctement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -5738,7 +5728,7 @@ msgstr "" + "sera impossible de l'utiliser." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5749,17 +5739,17 @@ msgstr "" + "cela peut entraîner l'échec de certaines demandes." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Désactiver la récupération de plage Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5775,12 +5765,12 @@ msgstr "" + "apparaissant ainsi sans aucun membre." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5791,19 +5781,42 @@ msgstr "" + "de cette option sont définies par OpenLDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié " + "par ldap.conf)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (integer)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Lors de la communication avec un serveur LDAP en utilisant SASL, spécifie le " ++"niveau de sécurité minimal nécessaire pour établir la connexion. Les valeurs " ++"de cette option sont définies par OpenLDAP." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (entier)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5814,7 +5827,7 @@ msgstr "" + "membres manquants est inférieur, ils sont recherchés individuellement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5825,7 +5838,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5838,7 +5851,7 @@ msgstr "" + "acceptés sont 389/RHDS, OpenLDAP et Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5849,12 +5862,12 @@ msgstr "" + "déréférencement est désactivée indépendamment de ce paramètre." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -5863,7 +5876,7 @@ msgstr "" + "session TLS, si elle existe. Une des valeurs suivantes est utilisable :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5872,7 +5885,7 @@ msgstr "" + "quelconque certificat du serveur." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5883,7 +5896,7 @@ msgstr "" + "certificat est fourni, il est ignoré et la session continue normalement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5894,7 +5907,7 @@ msgstr "" + "certificat est fourni, la session se termine immédiatement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5905,22 +5918,22 @@ msgstr "" + "immédiatement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Par défaut : hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -5929,7 +5942,7 @@ msgstr "" + "certification que <command>sssd</command> reconnaîtra." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -5938,12 +5951,12 @@ msgstr "" + "<filename>/etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5957,32 +5970,32 @@ msgstr "" + "corrects." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "Définit le fichier qui contient le certificat pour la clef du client." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "Définit le fichier qui contient la clef du client." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5990,12 +6003,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -6005,12 +6018,12 @@ msgstr "" + "canal." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -6022,19 +6035,19 @@ msgstr "" + "ldap_group_gid_number." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "Cette fonctionnalité ne prend actuellement en charge que la correspondance " + "par objectSID avec Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6054,24 +6067,24 @@ msgstr "" + "identifiants." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "Par défaut : non indiqué (les deux options sont à 0)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6082,12 +6095,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6100,7 +6113,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6112,17 +6125,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Par défaut : host/hostname@REALM" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6133,17 +6146,17 @@ msgstr "" + "domaine, cette option est ignorée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Par défaut : la valeur de krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6152,34 +6165,34 @@ msgstr "" + "le nom de l'hôte au cours d'une liaison SASL." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Défaut : false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5." + "keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6187,28 +6200,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (entier)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Par défaut : 86400 (24 heures)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6228,7 +6241,7 @@ msgstr "" + "<quote>DÉCOUVERTE DE SERVICES</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6239,7 +6252,7 @@ msgstr "" + "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6251,29 +6264,29 @@ msgstr "" + "l'utilisation de <quote>krb5_server</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</" + "filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6283,12 +6296,12 @@ msgstr "" + "Kerberos > = 1.7" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -6303,7 +6316,7 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -6315,12 +6328,12 @@ msgstr "" + "localisation." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -6329,7 +6342,7 @@ msgstr "" + "valeurs suivantes sont acceptées :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -6338,7 +6351,7 @@ msgstr "" + "peut pas désactiver la politique sur les mots de passe du côté serveur." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -6349,7 +6362,7 @@ msgstr "" + "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -6361,7 +6374,7 @@ msgstr "" + "est changé." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -6370,17 +6383,17 @@ msgstr "" + "côté serveur, elle prend le pas sur la politique indiquée avec cette option." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "Définit si le déréférencement automatique doit être activé." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6389,7 +6402,7 @@ msgstr "" + "compilé avec OpenLDAP version 2.4.13 ou supérieur." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6403,29 +6416,29 @@ msgstr "" + "permettre d'améliorer de façon notable les performances." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Définit le nom de service à utiliser quand la découverte de services est " + "activée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Par défaut : ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6434,19 +6447,19 @@ msgstr "" + "un changement de mot de passe quand la découverte de services est activée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + "Par défaut : non défini, c'est-à-dire que le service de découverte est " + "désactivé." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (bool)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -6456,12 +6469,12 @@ msgstr "" + "de passe." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -6477,12 +6490,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Exemple :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -6494,7 +6507,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -6503,7 +6516,7 @@ msgstr "" + "dont l'attribut employeeType est « admin »." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -6512,17 +6525,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Par défaut : vide" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -6531,7 +6544,7 @@ msgstr "" + "être activée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -6543,12 +6556,12 @@ msgstr "" + "correct." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Les valeurs suivantes sont autorisées :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -6557,7 +6570,7 @@ msgstr "" + "pour déterminer si le compte a expiré." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -6570,7 +6583,7 @@ msgstr "" + "d'expiration du compte est aussi vérifiée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -6581,7 +6594,7 @@ msgstr "" + "l'accès est autorisé ou non." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -6594,7 +6607,7 @@ msgstr "" + "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -6605,24 +6618,24 @@ msgstr "" + "ldap_account_expire_policy de fonctionner." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Liste séparées par des virgules des options de contrôles d'accès. Les " + "valeurs autorisées sont :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6632,14 +6645,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6652,12 +6665,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -6667,7 +6680,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -6677,20 +6690,20 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -6699,32 +6712,32 @@ msgstr "" + "authorizedService pour déterminer l'accès" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Par défaut : filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -6733,12 +6746,12 @@ msgstr "" + "de configuration." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -6747,22 +6760,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (chaînes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -6771,12 +6784,12 @@ msgstr "" + "recherche. Les options suivantes sont autorisées :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -6786,7 +6799,7 @@ msgstr "" + "recherche." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -6795,7 +6808,7 @@ msgstr "" + "la localisation de l'objet de base de la recherche." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -6804,7 +6817,7 @@ msgstr "" + "recherche et et la localisation de l'objet de base de la recherche." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -6813,12 +6826,12 @@ msgstr "" + "bibliothèques clientes LDAP)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -6827,7 +6840,7 @@ msgstr "" + "LDAP pour les serveurs qui utilisent le schéma RFC2307." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6845,7 +6858,7 @@ msgstr "" + "initgoups()." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6856,36 +6869,29 @@ msgstr "" + "ajoutent les utilisateurs locaux aux groupes LDAP." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -6895,19 +6901,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Toutes les options de configuration communes appliquées aux domaines SSSD " +-"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE " +-"DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de " +-"détails. <placeholder type=\"variablelist\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "OPTIONS DE SUDO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6915,12 +6916,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -6930,7 +6931,7 @@ msgstr "" + "règles qui sont stockées sur le serveur)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -6939,17 +6940,17 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Par défaut : 21600 (6 heures)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6957,7 +6958,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -6966,7 +6967,7 @@ msgstr "" + "modifyTimestamp est utilisé à la place." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6976,12 +6977,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -6991,12 +6992,12 @@ msgstr "" + "noms de systèmes)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -7005,7 +7006,7 @@ msgstr "" + "doivent être utilisés pour filtrer les règles." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -7014,8 +7015,8 @@ msgstr "" + "nom de système et le nom de domaine pleinement qualifié." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -7024,17 +7025,17 @@ msgstr "" + "emphasis>, alors cette option n'a aucun effet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Par défaut : non spécifié" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7043,7 +7044,7 @@ msgstr "" + "IPv6 qui doivent être utilisés pour filtrer les règles." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7052,12 +7053,12 @@ msgstr "" + "automatiquement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7066,12 +7067,12 @@ msgstr "" + "netgroup dans l'attribut sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7080,14 +7081,14 @@ msgstr "" + "un joker dans l'attribut sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7100,59 +7101,59 @@ msgstr "" + "manvolnum></citerefentry>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "OPTIONS AUTOFS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "Le nom de la table de montage automatique maîtresse dans LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Par défaut : auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "OPTIONS AVANCÉES" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (chaînes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (chaînes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (chaînes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7161,22 +7162,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7185,14 +7186,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EXEMPLE" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7203,7 +7204,7 @@ msgstr "" + "replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7223,27 +7224,27 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7269,13 +7270,13 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTES" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -8912,7 +8913,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (booléen)" + +@@ -8927,7 +8928,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -8949,12 +8950,12 @@ msgstr "" + "configuration." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (entier)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8981,12 +8982,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Par défaut : 1200 (secondes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -9014,17 +9015,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -9032,7 +9033,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -9067,7 +9068,7 @@ msgstr "" + "seront utilisés comme serveurs de repli" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (entier)" + +@@ -9084,12 +9085,12 @@ msgstr "" + "configurée à true." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -9114,12 +9115,12 @@ msgid "Default: False (disabled)" + msgstr "Par défaut : False (désactivé)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -9128,48 +9129,48 @@ msgstr "" + "communication avec le serveur DNS." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "Par défaut : False (laisser nsupdate choisir le protocole)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -9295,26 +9296,26 @@ msgstr "" + "convertit en DN de base pour effectuer les opérations LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "krb5_confd_path (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -10807,9 +10808,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (booléen)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -10826,19 +10845,19 @@ msgstr "" + "<quote>dyndns_iface</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Par défaut : 3600 (secondes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -10848,12 +10867,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Par défaut : True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -10864,7 +10883,7 @@ msgstr "" + "exemples montrent seulement les options spécifiques au fournisseur AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -10888,7 +10907,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -10900,7 +10919,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -10911,7 +10930,7 @@ msgstr "" + "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -10921,7 +10940,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -11500,17 +11519,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +-#| "debug messages will be sent to stderr." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur " +-"quelconque, des messages de débogage seront envoyés sur la sortie standard " +-"d'erreur." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -12698,21 +12710,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for " +-#| "more information on the locator plugin." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"Consulter la page de manuel de <citerefentry> " +-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +-"manvolnum> </citerefentry> pour plus d'informations sur le greffon de " +-"localisation." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -15443,26 +15446,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the AD provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"Cette page de manuel décrit la configuration du fournisseur AD pour " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section " +-"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -15491,10 +15480,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (entier)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -15508,10 +15495,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id,max_id (entier)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -15522,17 +15507,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Par défaut : 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (entier)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -15543,10 +15524,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Par défaut : 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15747,17 +15726,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "user_attributes = +telephoneNumber, -loginShell\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"user_attributes = +telephoneNumber, -loginShell\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +@@ -16026,10 +16000,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (chaînes)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -16048,28 +16020,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "Fournisseur LDAP SSSD" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -16077,11 +16037,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> " +-"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +-"citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel " +-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-"manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -16950,10 +16905,8 @@ msgstr "ldap_group_modify_timestamp (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (chaîne)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -17178,10 +17131,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "SECTIONS DE SERVICES" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -17429,10 +17380,8 @@ msgstr "Par défaut : sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "OPTIONS AUTOFS" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -17734,10 +17683,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (entier)" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -18898,20 +18845,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Par défaut : homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (entier)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +diff --git a/src/man/po/ja.po b/src/man/po/ja.po +index 5231f970b..85dd3f49c 100644 +--- a/src/man/po/ja.po ++++ b/src/man/po/ja.po +@@ -9,9 +9,9 @@ + # Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2019-05-28 11:45+0000\n" + "Last-Translator: Keiko Moriguchi <kemorigu@redhat.com>\n" + "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/" +@@ -322,9 +322,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "初期値: true" +@@ -344,16 +344,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "初期値: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -382,7 +382,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "初期値: 10" + +@@ -566,10 +566,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (論理値)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -585,21 +583,11 @@ msgstr "try_inotify (論理値)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD は、内部 DNS リゾルバーを更新する必要となるときを認識するために、resolv." +-"conf の状態を監視します。初期状態では、このために inotify を使用しようとしま" +-"す。inotify が使用できない場合 5 秒ごとに resolv.conf をポーリングするよう" +-"フォールバックします。" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -714,8 +702,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -824,10 +812,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "初期値: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1864,7 +1850,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "初期値: 0" + +@@ -1928,7 +1914,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "初期値: none" + +@@ -1993,8 +1979,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "初期値: 偽" +@@ -2335,10 +2321,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set, i.e. FAST is not used." + msgid "Default: not set, all found rules are used" +-msgstr "初期値: 設定されません、つまり FAST が使用されません。" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5378,17 +5362,38 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "初期値: 900 (15 分)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (整数)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -5397,17 +5402,17 @@ msgstr "" + "バーは 1 要求あたりの最大数の制限を強制します。" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "初期値: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5418,7 +5423,7 @@ msgstr "" + "ことを報告する場合に、このオプションが使用されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -5428,7 +5433,7 @@ msgstr "" + "す。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5439,17 +5444,17 @@ msgstr "" + "があります。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Active Directory の範囲の取得を無効化します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5459,12 +5464,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5472,17 +5477,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (整数)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5490,7 +5510,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5501,7 +5521,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5510,7 +5530,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5518,12 +5538,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -5532,7 +5552,7 @@ msgstr "" + "クするものを指定します。以下の値のうち 1 つを指定できます:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5541,7 +5561,7 @@ msgstr "" + "確認しません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5552,7 +5572,7 @@ msgstr "" + "無視され、セッションが通常通り進められます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5563,7 +5583,7 @@ msgstr "" + "ンが直ちに終了します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5573,22 +5593,22 @@ msgstr "" + "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "初期値: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -5598,7 +5618,7 @@ msgstr "" + "書を含むファイルを指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -5607,12 +5627,12 @@ msgstr "" + "filename> にあります" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5625,32 +5645,32 @@ msgstr "" + "ます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "クライアントのキーに対する証明書を含むファイルを指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "クライアントのキーを含むファイルを指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5658,12 +5678,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -5672,12 +5692,12 @@ msgstr "" + "用する必要がある id_provider 接続を指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5685,18 +5705,18 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5707,24 +5727,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5735,12 +5755,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5753,7 +5773,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5765,17 +5785,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "初期値: host/hostname@REALM" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5783,17 +5803,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "初期値: krb5_realm の値" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -5802,33 +5822,33 @@ msgstr "" + "するために逆引きを実行します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "初期値: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5836,28 +5856,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "初期値: 86400 (24 時間)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5869,7 +5889,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5880,7 +5900,7 @@ msgstr "" + "ば _tcp にフォールバックします。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5891,27 +5911,27 @@ msgstr "" + "quote> を使用するよう設定ファイルを移行することが推奨されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -5920,12 +5940,12 @@ msgstr "" + "します。この機能は MIT Kerberos >= 1.7 で利用可能です。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5935,7 +5955,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5946,12 +5966,12 @@ msgstr "" + "manvolnum> </citerefentry> マニュアルページを参照ください。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -5960,7 +5980,7 @@ msgstr "" + "す。以下の値が許容されます:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -5969,7 +5989,7 @@ msgstr "" + "ンはサーバー側のパスワードポリシーを無効にできません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5980,7 +6000,7 @@ msgstr "" + "manvolnum></citerefentry> 形式の属性を使用します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5991,24 +6011,24 @@ msgstr "" + "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "自動参照追跡が有効化されるかを指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6017,7 +6037,7 @@ msgstr "" + "sssd のみが参照追跡をサポートすることに注意してください。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6026,28 +6046,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "サービス検索が有効にされているときに使用するサービスの名前を指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "初期値: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6056,29 +6076,29 @@ msgstr "" + "を検索するために使用するサービスの名前を指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -6094,12 +6114,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "例:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -6108,14 +6128,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -6124,17 +6144,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "初期値: 空白" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -6143,7 +6163,7 @@ msgstr "" + "ます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -6154,12 +6174,12 @@ msgstr "" + "否します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "以下の値が許可されます:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -6168,7 +6188,7 @@ msgstr "" + "ldap_user_shadow_expire の値を使用します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -6177,7 +6197,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -6188,7 +6208,7 @@ msgstr "" + "ldap_ns_account_lock の値を使用します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -6201,7 +6221,7 @@ msgstr "" + "クセスが許可されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -6209,23 +6229,23 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6235,14 +6255,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6255,12 +6275,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -6270,7 +6290,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -6280,20 +6300,20 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -6302,44 +6322,44 @@ msgstr "" + "authorizedService 属性を使用します" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "初期値: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "値が複数使用されていると設定エラーになることに注意してください。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -6348,22 +6368,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -6372,12 +6392,12 @@ msgstr "" + "ションが許容されます:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -6386,7 +6406,7 @@ msgstr "" + "決されますが、検索のベースオブジェクトの位置を探すときはされません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -6395,7 +6415,7 @@ msgstr "" + "すときのみ参照解決されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -6404,7 +6424,7 @@ msgstr "" + "きも位置を検索するときも参照解決されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -6413,19 +6433,19 @@ msgstr "" + "して取り扱われます)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6436,7 +6456,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6444,36 +6464,29 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -6483,19 +6496,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま" +-"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ" +-"クション</quote> を参照してください。 <placeholder type=\"variablelist\" id=" +-"\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "SUDO オプション" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6503,19 +6511,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -6524,17 +6532,17 @@ msgstr "" + "ります" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "初期値: 21600 (6 時間)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6542,14 +6550,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6559,24 +6567,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -6585,15 +6593,15 @@ msgstr "" + "区切り一覧です。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -6602,17 +6610,17 @@ msgstr "" + "ならば、このオプションは効果を持ちません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "初期値: 指定なし" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -6621,7 +6629,7 @@ msgstr "" + "アドレスの空白区切り一覧です。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -6629,38 +6637,38 @@ msgstr "" + "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6672,59 +6680,59 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "AUTOFS オプション" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "高度なオプション" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6733,22 +6741,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6757,14 +6765,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "例" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6775,7 +6783,7 @@ msgstr "" + "す。" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6788,27 +6796,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6824,13 +6832,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "注記" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -8432,7 +8440,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (論理値)" + +@@ -8447,7 +8455,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -8465,12 +8473,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8491,12 +8499,12 @@ msgid "Default: 1200 (seconds)" + msgstr "初期値: 1200 (秒)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8520,17 +8528,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8538,7 +8546,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8565,7 +8573,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (整数)" + +@@ -8578,12 +8586,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8602,12 +8610,12 @@ msgid "Default: False (disabled)" + msgstr "初期値: False (無効)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -8616,48 +8624,48 @@ msgstr "" + "どうか。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8781,26 +8789,26 @@ msgstr "" + "めに使用するベース DN に変換されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -10256,9 +10264,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (論理値)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -10268,19 +10294,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "初期値: 3600 (秒)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -10290,12 +10316,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "初期値: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -10306,7 +10332,7 @@ msgstr "" + "AD プロバイダー固有のオプションのみ示してします。" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -10330,7 +10356,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -10342,7 +10368,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -10350,7 +10376,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -10360,7 +10386,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -10874,16 +10900,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +-#| "debug messages will be sent to stderr." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ" +-"セージが標準エラーに送られます。" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -12030,20 +12050,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for " +-#| "more information on the locator plugin." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"位置情報プラグインの詳細は <citerefentry> " +-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +-"manvolnum> </citerefentry> マニュアルページを参照ください。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -14711,25 +14723,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the IPA provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " +-"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説" +-"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー" +-"ジの <quote>ファイル形式</quote> を参照してください。" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -14758,10 +14757,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (整数)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -14775,10 +14772,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id,max_id (整数)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -14789,17 +14784,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "初期値: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (整数)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -14810,10 +14801,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "初期値: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15288,10 +15277,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (文字列)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -15310,10 +15297,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +@@ -15322,14 +15307,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -15337,11 +15314,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " +-"<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して" +-"います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</" +-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの " +-"<quote>ファイル形式</quote> セクションを参照してください。" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -16172,10 +16144,8 @@ msgstr "ldap_group_modify_timestamp (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (文字列)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -16393,10 +16363,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "サービスセクション" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -16637,10 +16605,8 @@ msgstr "初期値: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "AUTOFS オプション" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -16906,10 +16872,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (整数)" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -17965,6 +17929,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "初期値: homeDirectory" +diff --git a/src/man/po/lv.po b/src/man/po/lv.po +index bd30342f9..fe1fe881a 100644 +--- a/src/man/po/lv.po ++++ b/src/man/po/lv.po +@@ -7,9 +7,9 @@ + # Kristaps, 2012 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:00+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/" +@@ -297,9 +297,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -319,16 +319,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -357,7 +357,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Noklusējuma: 10" + +@@ -655,8 +655,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -765,10 +765,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: sha256" +-msgstr "Noklusējuma: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1738,7 +1736,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1802,7 +1800,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1867,8 +1865,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5037,34 +5035,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5072,14 +5089,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5087,17 +5104,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5107,12 +5124,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5120,17 +5137,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5138,7 +5168,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5149,7 +5179,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5158,7 +5188,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5166,26 +5196,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5193,7 +5223,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5201,7 +5231,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5209,41 +5239,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5252,32 +5282,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5285,24 +5315,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5310,17 +5340,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5331,24 +5361,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5359,12 +5389,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5377,7 +5407,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5389,17 +5419,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5407,49 +5437,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5457,28 +5487,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Noklusējuma: 86400 (24 stundas)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5490,7 +5520,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5498,7 +5528,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5506,39 +5536,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5548,7 +5578,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5556,26 +5586,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5583,7 +5613,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5591,31 +5621,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5624,56 +5654,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Noklusējuma: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5689,12 +5719,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Piemērs:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5703,14 +5733,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5719,24 +5749,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5744,19 +5774,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Atļautas šādas vērtības:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5765,7 +5795,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5773,7 +5803,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5782,7 +5812,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5790,22 +5820,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5815,14 +5845,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5835,12 +5865,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5850,7 +5880,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5860,63 +5890,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Noklusējuma: filtrēt" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5925,74 +5955,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6003,7 +6033,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6011,24 +6041,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6045,12 +6075,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6058,36 +6088,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6095,14 +6125,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6112,101 +6142,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6215,59 +6245,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "PAPLAŠINĀTĀS IESPĒJAS" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6276,22 +6306,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6300,14 +6330,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "PIEMĒRS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6315,7 +6345,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6328,27 +6358,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6364,13 +6394,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "PIEZĪMES" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7900,7 +7930,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7915,7 +7945,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7930,12 +7960,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7956,12 +7986,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7985,17 +8015,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8003,7 +8033,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8030,7 +8060,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8043,12 +8073,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8067,60 +8097,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8234,26 +8264,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9693,9 +9723,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9705,19 +9751,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9727,12 +9773,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9740,7 +9786,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9755,7 +9801,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9764,7 +9810,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9772,7 +9818,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9782,7 +9828,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13874,10 +13920,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "noildze (vesels skaitlis)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13903,10 +13947,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Noklusējuma: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13922,10 +13964,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Noklusējuma: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -14420,10 +14460,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +diff --git a/src/man/po/nl.po b/src/man/po/nl.po +index e05315677..640b8933d 100644 +--- a/src/man/po/nl.po ++++ b/src/man/po/nl.po +@@ -6,9 +6,9 @@ + # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:02+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" +@@ -320,9 +320,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Standaard: true" +@@ -342,16 +342,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -380,7 +380,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -559,10 +559,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "try_inotify (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "try_inotify (bool)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -578,21 +576,11 @@ msgstr "try_inotify (bool)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne " +-"DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om " +-"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden " +-"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -704,8 +692,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -814,10 +802,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 120" + msgid "Default: sha256" +-msgstr "Standaard: 120" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1791,7 +1777,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Standaard: 0" + +@@ -1855,7 +1841,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1920,8 +1906,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5093,34 +5079,55 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "reconnection_retries (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "reconnection_retries (numeriek)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5128,14 +5135,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5143,17 +5150,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5163,12 +5170,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5176,17 +5183,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5194,7 +5214,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5205,7 +5225,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5214,7 +5234,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5222,26 +5242,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5249,7 +5269,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5257,7 +5277,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5265,41 +5285,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5308,32 +5328,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5341,24 +5361,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5366,17 +5386,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5387,24 +5407,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5415,12 +5435,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5433,7 +5453,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5445,17 +5465,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5463,49 +5483,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5513,28 +5533,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5546,7 +5566,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5554,7 +5574,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5562,39 +5582,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5604,7 +5624,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5612,26 +5632,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5639,7 +5659,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5647,31 +5667,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5680,56 +5700,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5745,12 +5765,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5759,14 +5779,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5775,24 +5795,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5800,19 +5820,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5821,7 +5841,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5829,7 +5849,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5838,7 +5858,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5846,22 +5866,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5871,14 +5891,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5891,12 +5911,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5906,7 +5926,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5916,63 +5936,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5981,74 +6001,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6059,7 +6079,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6067,24 +6087,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6101,12 +6121,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6114,36 +6134,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6151,14 +6171,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6168,101 +6188,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6271,59 +6291,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6332,22 +6352,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6356,14 +6376,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6371,7 +6391,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6384,27 +6404,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6420,13 +6440,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7956,7 +7976,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7971,7 +7991,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7986,12 +8006,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8012,12 +8032,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8041,17 +8061,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8059,7 +8079,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8086,7 +8106,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8099,12 +8119,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8123,60 +8143,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8290,26 +8310,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9749,9 +9769,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "debug_timestamps (bool)" ++msgid "ad_use_ldaps (bool)" ++msgstr "debug_timestamps (bool)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9761,19 +9799,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9783,12 +9821,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9796,7 +9834,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9811,7 +9849,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9820,7 +9858,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9828,7 +9866,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9838,7 +9876,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13930,10 +13968,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (numeriek)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13947,10 +13983,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "enum_cache_timeout (numeriek)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -13961,17 +13995,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 64" +-msgstr "Standaard: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccache_size (integer)" +-msgstr "enum_cache_timeout (numeriek)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -13982,10 +14012,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 65536" +-msgstr "Standaard: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15488,10 +15516,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "SERVICES SECTIE" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +diff --git a/src/man/po/pt.po b/src/man/po/pt.po +index a7796f3b9..f4e972337 100644 +--- a/src/man/po/pt.po ++++ b/src/man/po/pt.po +@@ -6,9 +6,9 @@ + # Miguel Sousa <migueljorgesousa@sapo.pt>, 2011 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:05+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" +@@ -315,9 +315,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -337,16 +337,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Padrão: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -375,7 +375,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Padrão: 10" + +@@ -554,10 +554,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "try_inotify (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "try_inotify (boolean)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -679,8 +677,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -789,10 +787,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: sha256" +-msgstr "Padrão: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1762,7 +1758,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1826,7 +1822,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Padrão: none" + +@@ -1891,8 +1887,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5089,34 +5085,55 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "reconnection_retries (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "reconnection_retries (integer)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Padrão: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5124,14 +5141,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5139,17 +5156,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5159,12 +5176,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5172,17 +5189,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_page_size (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_page_size (integer)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5190,7 +5222,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5201,7 +5233,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5210,7 +5242,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5218,19 +5250,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5239,7 +5271,7 @@ msgstr "" + "qualquer certificado de servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5247,7 +5279,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5255,7 +5287,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5263,41 +5295,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Padrão: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5306,32 +5338,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5339,24 +5371,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5364,17 +5396,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5385,24 +5417,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5413,12 +5445,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5431,7 +5463,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5443,17 +5475,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5461,50 +5493,50 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Padrão: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5512,28 +5544,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Padrão: 86400 (24 horas)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5545,7 +5577,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5553,7 +5585,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5561,39 +5593,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5603,7 +5635,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5611,26 +5643,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5638,7 +5670,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5646,31 +5678,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5679,56 +5711,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5744,12 +5776,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5758,14 +5790,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5774,24 +5806,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5799,19 +5831,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5820,7 +5852,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5828,7 +5860,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5837,7 +5869,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5845,22 +5877,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5870,14 +5902,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5890,12 +5922,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5905,7 +5937,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5915,63 +5947,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Padrão: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5980,74 +6012,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6058,7 +6090,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6066,24 +6098,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6100,12 +6132,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6113,36 +6145,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6150,14 +6182,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6167,101 +6199,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6270,59 +6302,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "OPÇÕES AVANÇADAS" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6331,22 +6363,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6355,14 +6387,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EXEMPLO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6370,7 +6402,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6383,27 +6415,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6419,13 +6451,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTAS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7955,7 +7987,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7970,7 +8002,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7985,12 +8017,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8011,12 +8043,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8040,17 +8072,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8058,7 +8090,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8085,7 +8117,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8098,12 +8130,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8122,60 +8154,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8289,26 +8321,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9748,9 +9780,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (boolean)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9760,19 +9810,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9782,12 +9832,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Padrão: TRUE" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9795,7 +9845,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9810,7 +9860,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9819,7 +9869,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9827,7 +9877,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9837,7 +9887,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13949,10 +13999,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccaches (integer)" +-msgstr "ldap_page_size (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13966,10 +14014,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id,max_id (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -13980,17 +14026,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Padrão: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -14001,10 +14043,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Padrão: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -14479,10 +14519,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (string)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -14501,10 +14539,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +@@ -15296,10 +15332,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_search_base (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_search_base (string)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -15998,10 +16032,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (integer)" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -17029,6 +17061,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Padrão: homeDirectory" +diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po +index 368e3beca..95d0fee52 100644 +--- a/src/man/po/pt_BR.po ++++ b/src/man/po/pt_BR.po +@@ -2,9 +2,9 @@ + # Rodrigo de Araujo Sousa Fonseca <rodrigodearaujo@fedoraproject.org>, 2017. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2017-01-29 10:11+0000\n" + "Last-Translator: Rodrigo de Araujo Sousa Fonseca " + "<rodrigodearaujo@fedoraproject.org>\n" +@@ -291,9 +291,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -313,16 +313,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -351,7 +351,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -649,8 +649,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -1730,7 +1730,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1794,7 +1794,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1859,8 +1859,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5029,34 +5029,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5064,14 +5083,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5079,17 +5098,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5099,12 +5118,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5112,17 +5131,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5130,7 +5162,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5141,7 +5173,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5150,7 +5182,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5158,26 +5190,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5185,7 +5217,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5193,7 +5225,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5201,41 +5233,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5244,32 +5276,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5277,24 +5309,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5302,17 +5334,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5323,24 +5355,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5351,12 +5383,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5369,7 +5401,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5381,17 +5413,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5399,49 +5431,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5449,28 +5481,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5482,7 +5514,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5490,7 +5522,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5498,39 +5530,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5540,7 +5572,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5548,26 +5580,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5575,7 +5607,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5583,31 +5615,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5616,56 +5648,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5681,12 +5713,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5695,14 +5727,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5711,24 +5743,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5736,19 +5768,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5757,7 +5789,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5765,7 +5797,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5774,7 +5806,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5782,22 +5814,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5807,14 +5839,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5827,12 +5859,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5842,7 +5874,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5852,63 +5884,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5917,74 +5949,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -5995,7 +6027,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6003,24 +6035,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6037,12 +6069,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6050,36 +6082,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6087,14 +6119,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6104,101 +6136,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6207,59 +6239,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6268,22 +6300,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6292,14 +6324,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6307,7 +6339,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6320,27 +6352,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6356,13 +6388,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7892,7 +7924,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7907,7 +7939,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7922,12 +7954,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7948,12 +7980,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7977,17 +8009,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -7995,7 +8027,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8022,7 +8054,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8035,12 +8067,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8059,60 +8091,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8226,26 +8258,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9685,9 +9717,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9697,19 +9745,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9719,12 +9767,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9732,7 +9780,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9747,7 +9795,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9756,7 +9804,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9764,7 +9812,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9774,7 +9822,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +diff --git a/src/man/po/ru.po b/src/man/po/ru.po +index 2325daba0..79c0c1b77 100644 +--- a/src/man/po/ru.po ++++ b/src/man/po/ru.po +@@ -6,9 +6,9 @@ + # Artyom Kunyov <artkun@guitarplayer.ru>, 2012 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:07+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/" +@@ -296,9 +296,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -318,16 +318,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "По умолчанию: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -356,7 +356,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "По умолчанию: 10" + +@@ -654,8 +654,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -764,10 +764,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "По умолчанию: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1737,7 +1735,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1801,7 +1799,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1866,8 +1864,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5036,34 +5034,55 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "reconnection_retries (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "попыток_соединения (целое число)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5071,14 +5090,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5086,17 +5105,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5106,12 +5125,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5119,17 +5138,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5137,7 +5169,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5148,7 +5180,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5157,7 +5189,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5165,26 +5197,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5192,7 +5224,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5200,7 +5232,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5208,41 +5240,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5251,32 +5283,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5284,24 +5316,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5309,17 +5341,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5330,24 +5362,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5358,12 +5390,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5376,7 +5408,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5388,17 +5420,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5406,49 +5438,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5456,28 +5488,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5489,7 +5521,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5497,7 +5529,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5505,39 +5537,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5547,7 +5579,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5555,26 +5587,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5582,7 +5614,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5590,31 +5622,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5623,56 +5655,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5688,12 +5720,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5702,14 +5734,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5718,24 +5750,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5743,19 +5775,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5764,7 +5796,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5772,7 +5804,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5781,7 +5813,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5789,22 +5821,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5814,14 +5846,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5834,12 +5866,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5849,7 +5881,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5859,63 +5891,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5924,74 +5956,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6002,7 +6034,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6010,24 +6042,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6044,12 +6076,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6057,36 +6089,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6094,14 +6126,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6111,101 +6143,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6214,59 +6246,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6275,22 +6307,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6299,14 +6331,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "ПРИМЕР" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6314,7 +6346,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6327,27 +6359,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6363,13 +6395,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7899,7 +7931,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7914,7 +7946,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7929,12 +7961,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7955,12 +7987,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7984,17 +8016,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8002,7 +8034,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8029,7 +8061,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8042,12 +8074,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8066,60 +8098,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8233,26 +8265,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9692,9 +9724,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9704,19 +9752,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9726,12 +9774,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9739,7 +9787,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9754,7 +9802,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9763,7 +9811,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9771,7 +9819,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9781,7 +9829,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13900,10 +13948,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 64" +-msgstr "По умолчанию: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13919,10 +13965,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 65536" +-msgstr "По умолчанию: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -16939,6 +16983,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "По умолчанию: homeDirectory" +diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot +index fac55fd72..d8bcf2ee5 100644 +--- a/src/man/po/sssd-docs.pot ++++ b/src/man/po/sssd-docs.pot +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:29+0100\n" ++"POT-Creation-Date: 2020-02-12 23:39+0100\n" + "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" + "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" + "Language-Team: LANGUAGE <LL@li.org>\n" +@@ -254,7 +254,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 ++#: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" + +@@ -271,12 +271,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 ++#: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028 include/autofs_attributes.xml:1 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028 include/autofs_attributes.xml:1 + msgid "<placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" + +@@ -299,7 +299,7 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -599,7 +599,7 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 + msgid "Default: not set" + msgstr "" + +@@ -1672,7 +1672,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1733,7 +1733,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 sssd-ldap.5.xml:1039 ++#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1798,7 +1798,7 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 include/ldap_id_mapping.xml:244 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" + +@@ -4964,34 +4964,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single " + "request. Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -4999,7 +5018,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use " +@@ -5007,7 +5026,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5015,17 +5034,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5035,12 +5054,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5048,17 +5067,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5066,7 +5098,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to " + "0. Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5077,7 +5109,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5086,7 +5118,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5094,26 +5126,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5121,7 +5153,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5129,7 +5161,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5137,41 +5169,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in " + "<filename>/etc/openldap/ldap.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5180,32 +5212,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5213,24 +5245,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem " + "class=\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5238,17 +5270,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5259,24 +5291,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5287,12 +5319,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5305,7 +5337,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5317,17 +5349,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5335,49 +5367,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5385,29 +5417,29 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is " + "used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of " +@@ -5419,7 +5451,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5427,7 +5459,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of " + "SSSD. While the legacy name is recognized for the time being, users are " +@@ -5436,39 +5468,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5478,7 +5510,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> " + "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +@@ -5487,26 +5519,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client " + "side. The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use " + "<citerefentry><refentrytitle>shadow</refentrytitle> " +@@ -5515,7 +5547,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5523,31 +5555,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5556,56 +5588,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5622,12 +5654,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5636,14 +5668,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5652,24 +5684,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5677,19 +5709,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5698,7 +5730,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " + "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " +@@ -5706,7 +5738,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5715,7 +5747,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option " + "<emphasis>must</emphasis> include <quote>expire</quote> in order for the " +@@ -5723,22 +5755,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5748,7 +5780,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the " + "<quote>ppolicy</quote> option and might be removed in a future release. " +@@ -5756,7 +5788,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5769,12 +5801,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5784,7 +5816,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5794,38 +5826,38 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control " +@@ -5833,24 +5865,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5859,74 +5891,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -5937,7 +5969,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -5945,24 +5977,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -5979,12 +6011,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -5992,36 +6024,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval " + "</emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6029,14 +6061,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6046,100 +6078,100 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is " + "<emphasis>false</emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6148,59 +6180,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6209,22 +6241,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6233,12 +6265,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:130 sssd-session-recording.5.xml:144 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6246,7 +6278,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6259,24 +6291,24 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6292,12 +6324,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7831,7 +7863,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7846,7 +7878,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7861,12 +7893,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7887,12 +7919,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7916,17 +7948,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -7934,7 +7966,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -7962,7 +7994,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -7975,12 +8007,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -7999,60 +8031,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8166,26 +8198,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" + +@@ -9622,9 +9654,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9634,19 +9682,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9656,12 +9704,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and " + "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " +@@ -9669,7 +9717,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9684,7 +9732,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9693,7 +9741,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9701,7 +9749,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9711,7 +9759,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +diff --git a/src/man/po/sv.po b/src/man/po/sv.po +index edd640ae9..27f4ddb41 100644 +--- a/src/man/po/sv.po ++++ b/src/man/po/sv.po +@@ -2,9 +2,9 @@ + # Göran Uddeborg <goeran@uddeborg.se>, 2019. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2019-11-11 02:33+0000\n" + "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" + "Language-Team: Swedish\n" +@@ -344,9 +344,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Standard: true" +@@ -368,16 +368,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Standard: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -409,7 +409,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Standard: 10" + +@@ -619,10 +619,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (boolean)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -638,21 +636,11 @@ msgstr "try_inotify (boolean)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD övervakar tillståndet hos resolv.conf för att identifiera när den " +-"behöver uppdatera sin interna DNS-uppslagning. Som standard kommer vi " +-"försöka använda inotify till detta, och kommer falla tillbaka på att polla " +-"resolv.conf var femte sekund om inotify inte kan användas." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -770,13 +758,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. " +@@ -787,16 +768,10 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Observera att om detta alternativ anges måste alla användare från den " +-"primära domänen använda sitt fullständigt kvalificerade namn, t.ex. " +-"användare@domän.namn, för att logga in. Att ange detta alternativ ändrar " +-"standardet på use_fully_qualified_names till True. Det är inte tillåtet att " +-"använda detta alternativ tillsammans med use_fully_qualified_names satt " +-"till False." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -866,10 +841,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:483 +-#, fuzzy +-#| msgid "no_ocsp" + msgid "soft_ocsp" +-msgstr "no_ocsp" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:485 sssd.conf.5.xml:585 +@@ -919,10 +892,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Standard: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -2097,7 +2068,7 @@ msgstr "" + "<emphasis>pwd_expiration_warning</emphasis> för en viss domän." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Standard: 0" + +@@ -2174,7 +2145,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Standard: none" + +@@ -2251,8 +2222,8 @@ msgstr "" + "autentiseringsprocessen är detta alternativ avaktiverat som standard." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Default: False" +@@ -2626,10 +2597,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (sträng)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2650,10 +2619,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Default: not set (blanka kommer inte ersättas)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -3312,13 +3279,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2263 +-#, fuzzy +-#| msgid "" +-#| "This option specifies the maximum allowed number of nested containers." + msgid "This option is automatically inherited for all trusted domains." + msgstr "" +-"Detta alternativ specificerar det maximala antalet tillåtna nästlade " +-"behållare." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2267 +@@ -4531,13 +4493,6 @@ msgstr "hybrid" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3205 +-#, fuzzy +-#| msgid "" +-#| "A primary group is autogenerated for user entries whose UID and GID " +-#| "numbers have the same value and at the same time the GID number does not " +-#| "correspond to a real group object in LDAP If the values are the same, but " +-#| "the primary GID in the user entry is also used by a group object, the " +-#| "primary GID of the user resolves to that group object." + msgid "" + "A primary group is autogenerated for user entries whose UID and GID numbers " + "have the same value and at the same time the GID number does not correspond " +@@ -4545,11 +4500,6 @@ msgid "" + "GID in the user entry is also used by a group object, the primary GID of the " + "user resolves to that group object." + msgstr "" +-"En primär grupp autogenereras för användarposter vars UID- och GID-nummer " +-"har samma värde och GID-numret på samma gång inte motsvarar ett verkligt " +-"gruppobjekt i LDAP. Om värdena är samma, men det primära GID:t i " +-"användarposten även används av ett gruppobjekt slås användarens primära GID " +-"upp till det gruppobjektet. " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3218 +@@ -5291,22 +5241,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3693 +-#, fuzzy +-#| msgid "" +-#| "With the growing number of authentication methods and the possibility " +-#| "that there are multiple ones for a single user the heuristic used by " +-#| "pam_sss to select the prompting might not be suitable for all use cases. " +-#| "To following options should provide a better flexibility here." + msgid "" + "With the growing number of authentication methods and the possibility that " + "there are multiple ones for a single user the heuristic used by pam_sss to " + "select the prompting might not be suitable for all use cases. The following " + "options should provide a better flexibility here." + msgstr "" +-"Med det växande antalet autentiseringsmetoder och möjligheten att det finns " +-"flera olika för en enskild användare kan det hända att heurestiken som " +-"används av pam_sss för att välja fråga inte är lämplig för alla " +-"användarfall. Följande alternativ bör ge en bättre flexibilitet här." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:3705 +@@ -5364,19 +5304,11 @@ msgstr "single_prompt" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3730 +-#, fuzzy +-#| msgid "" +-#| "boolean value, if True there will be only a single prompt using the value " +-#| "of first_prompt where it is expected that both factor are entered as a " +-#| "single string" + msgid "" + "boolean value, if True there will be only a single prompt using the value of " + "first_prompt where it is expected that both factors are entered as a single " + "string" + msgstr "" +-"booleskt värde, om True kommer det bara vara en fråga som använder värdet på " +-"first_prompt där det förväntas att båda faktorerna matas in som en enda " +-"sträng" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3719 +@@ -5389,37 +5321,19 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3700 +-#, fuzzy +-#| msgid "" +-#| "Each supported authentication method has it's own configuration sub-" +-#| "section under <quote>[prompting/...]</quote>. Currently there are: " +-#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#| "\"variablelist\" id=\"1\"/>" + msgid "" + "Each supported authentication method has its own configuration subsection " + "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type=" + "\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/>" + msgstr "" +-"Varje autentiseringsmetod som stödjs har sin ege konfigurationsundersektion " +-"under <quote>[prompting/…]</quote>. För närvarande finns det: <placeholder " +-"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +-">" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3742 +-#, fuzzy +-#| msgid "" +-#| "It is possible to add a sub-section for specific PAM services like e.g. " +-#| "<quote>[prompting/password/sshd]</quote> to individual change the " +-#| "prompting for this service." + msgid "" + "It is possible to add a subsection for specific PAM services, e.g. " + "<quote>[prompting/password/sshd]</quote> to individual change the prompting " + "for this service." + msgstr "" +-"Det är möjligt att lägga till en undersektion för specifika PAM-tjänster som " +-"t.ex. <quote>[prompting/password/sshd]</quote> för att ändra frågorna " +-"enskild för denna tjänst." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd.conf.5.xml:3749 idmap_sss.8.xml:43 +@@ -6200,17 +6114,38 @@ msgstr "" + "(detta värde eller TGT-livslängden) användas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Standard: 900 (15 minuter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (heltal)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -6219,17 +6154,17 @@ msgstr "" + "LDAP-servrar framtvingar en maximal gräns per begäran." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Standard: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -6240,7 +6175,7 @@ msgstr "" + "RootDSE men det inte är aktiverat eller inte fungerar som det skall." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -6250,7 +6185,7 @@ msgstr "" + "den." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -6261,17 +6196,17 @@ msgstr "" + "att några begäranden nekas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Avaktivera Active Directory intervallhämtning." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -6287,12 +6222,12 @@ msgstr "" + "medlemmar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -6303,17 +6238,40 @@ msgstr "" + "detta alternativ är definierat av OpenLDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "Standard: använd systemstandard (vanligen angivet i ldap.conf)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (heltal)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Vid kommunikation med en LDAP-server med SASL, ange den minsta " ++"säkerhetsnivån som är nödvändig för att etablera förbindelsen. Värdet på " ++"detta alternativ är definierat av OpenLDAP." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -6324,7 +6282,7 @@ msgstr "" + "individuellt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -6341,7 +6299,7 @@ msgstr "" + "rootDSE-objektet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -6354,7 +6312,7 @@ msgstr "" + "OpenLDAP och Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -6365,12 +6323,12 @@ msgstr "" + "oavsett denna inställning." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -6379,7 +6337,7 @@ msgstr "" + "några. Det kan anges som ett av följande värden:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -6388,7 +6346,7 @@ msgstr "" + "några servercertifikat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6399,7 +6357,7 @@ msgstr "" + "tillhandahålls kommer det ignoreras och sessionen fortsätta normalt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6410,7 +6368,7 @@ msgstr "" + "tillhandahålls avslutas sessionen omedelbart." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -6421,22 +6379,22 @@ msgstr "" + "avslutas sessionen omedelbart." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = Samma som <quote>demand</quote>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Standard: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -6445,7 +6403,7 @@ msgstr "" + "<command>sssd</command> kommer godkänna." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -6454,12 +6412,12 @@ msgstr "" + "openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -6473,32 +6431,32 @@ msgstr "" + "namnen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "Anger filen som innehåller certifikatet för klientens nyckel." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "Anger filen som innehåller klientens nyckel." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -6509,12 +6467,12 @@ msgstr "" + "manvolnum></citerefentry> för formatet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -6523,12 +6481,12 @@ msgstr "" + "\"protocol\">tls</systemitem> för att skydda kanalen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -6539,18 +6497,18 @@ msgstr "" + "förlita sig på ldap_user_uid_number och ldap_group_gid_number." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "För närvarande stödjer denna funktion endast Active Direcotory objectSID" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "ldap_min_id, ldap_max_id (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6568,17 +6526,17 @@ msgstr "" + "Underdomäner kan sedan välja andra intervall för att översätta ID:n." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "Standard: inte satt (båda alternativen är satta till 0)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." +@@ -6587,7 +6545,7 @@ msgstr "" + "GSSAPI och GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6603,12 +6561,12 @@ msgstr "" + "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6628,7 +6586,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6648,17 +6606,17 @@ msgstr "" + "keytab." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Standard: host/värdnamn@RIKE" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6669,17 +6627,17 @@ msgstr "" + "ignoreras detta alternativ." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Standard: värdet på krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6688,34 +6646,34 @@ msgstr "" + "att ta fram värdnamnets kanoniska form under en SASL-bindning" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Standard: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + "Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Standard: Systemets keytab, normalt <filename>/etc/krb5.keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6726,29 +6684,29 @@ msgstr "" + "eller GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + "Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Standard: 86400 (24 timmar)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6766,7 +6724,7 @@ msgstr "" + "mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6777,7 +6735,7 @@ msgstr "" + "hittas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6789,27 +6747,27 @@ msgstr "" + "<quote>krb5_server</quote> istället." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "Standard: Systemstandard, se <filename>/etc/krb5.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6818,12 +6776,12 @@ msgstr "" + "servern. Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -6838,7 +6796,7 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -6849,12 +6807,12 @@ msgstr "" + "om lokaliseringsinsticksmodulen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -6863,7 +6821,7 @@ msgstr "" + "värden är tillåtna:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -6872,7 +6830,7 @@ msgstr "" + "alternativ kan inte avaktivera lösenordspolicyer på serversidan." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -6883,7 +6841,7 @@ msgstr "" + "manvolnum></citerefentry> för att utvärdera om lösenordet har gått ut." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -6894,7 +6852,7 @@ msgstr "" + "chpass_provider=krb5 för att uppdatera dessa attribut när läsenordet ändras." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -6903,17 +6861,17 @@ msgstr "" + "kommer den alltid gå före framför policyn som sätts med detta alternativ." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "Anger huruvida automatisk uppföljning av referenser skall aktiveras." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6922,7 +6880,7 @@ msgstr "" + "kompilerad med OpenLDAP version 2.4.13 eller senare." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6935,28 +6893,28 @@ msgstr "" + "alternativ till falskt medföra en märkbar prestandaförbättring." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Standard: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6965,17 +6923,17 @@ msgstr "" + "lösenordsändringar när tjänsteupptäckte är aktiverat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -6984,12 +6942,12 @@ msgstr "" + "dagar sedan epoken efter en ändring av lösenord." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -7017,12 +6975,12 @@ msgstr "" + "manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Exempel:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -7034,7 +6992,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -7043,7 +7001,7 @@ msgstr "" + "användare vars attribut employeeType är satt till ”admin”." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -7056,17 +7014,17 @@ msgstr "" + "fortsätta ges åtkomst under frånkoppling, och vice versa." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Standard: Empty" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -7075,7 +7033,7 @@ msgstr "" + "åtkomststyrningsattribut aktiveras." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -7086,12 +7044,12 @@ msgstr "" + "felkod även om lösenordet är korrekt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Följande värden är tillåtna:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -7100,7 +7058,7 @@ msgstr "" + "att avgöra om kontot har gått ut." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -7113,7 +7071,7 @@ msgstr "" + "kontot kontrolleras också." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -7124,7 +7082,7 @@ msgstr "" + "tillåts eller inte." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -7137,7 +7095,7 @@ msgstr "" + "åtkomst." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -7148,23 +7106,23 @@ msgstr "" + "ldap_account_expire_policy skall fungera." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Kommaseparerad lista över åtkomststyrningsalternativ. Tillåtna värden är:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: använd ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7179,7 +7137,7 @@ msgstr "" + "fungera." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" +@@ -7189,7 +7147,7 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7210,12 +7168,12 @@ msgstr "" + "måste vara satt för att denna funktion skall fungera." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -7230,7 +7188,7 @@ msgstr "" + "exempel SSH-nycklar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -7244,7 +7202,7 @@ msgstr "" + "pwd_expire_policy_renew – användaren ombeds ändra sitt lösenord omedelbart." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" +@@ -7252,7 +7210,7 @@ msgstr "" + "meddelande av SSSD." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +@@ -7262,7 +7220,7 @@ msgstr "" + "lämplig lösenordspolicy." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -7271,13 +7229,13 @@ msgstr "" + "för att avgöra åtkomst" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: använd attributet host för att avgöra åtkomst" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" +@@ -7286,7 +7244,7 @@ msgstr "" + "fjärrvärdar kan få åtkomst" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" +@@ -7296,12 +7254,12 @@ msgstr "" + "åtkomstkontroll aktiveras" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Standard: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -7310,12 +7268,12 @@ msgstr "" + "gång." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -7328,22 +7286,22 @@ msgstr "" + "LDAP-servern inte kan kontrolleras ordentligt. " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Exempel: cn=ppolicy,ou=policies,dc=exempel,dc=se" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "Standard: cn=ppolicy,ou=policies,$ldap_search_base" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -7352,12 +7310,12 @@ msgstr "" + "alternativ är tillåtna:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "<emphasis>never</emphasis>: Alias är aldrig derefererade." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -7366,7 +7324,7 @@ msgstr "" + "basobjektet, men inte vid lokalisering basobjektet för sökningen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -7375,7 +7333,7 @@ msgstr "" + "basobjektet för sökningen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -7384,7 +7342,7 @@ msgstr "" + "lokalisering av basobjektet för sökningen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -7393,12 +7351,12 @@ msgstr "" + "klientbiblioteken)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -7407,7 +7365,7 @@ msgstr "" + "servrar som använder schemat RFC2307." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -7424,7 +7382,7 @@ msgstr "" + "via anrop av getpw*() eller initgroups()." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -7435,12 +7393,12 @@ msgstr "" + "de lokala användarna med de extra LDAP-grupperna." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "wildcard_limit (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." +@@ -7449,25 +7407,18 @@ msgstr "" + "jokertecken." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + "För närvarande stödjer endast respondenten InfoPipe jockeruppslagningar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "Standard: 1000 (ofta storleken på en sida)" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -7477,19 +7428,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Alla de vanliga konfigurationsalternativen som gäller SSSD-domäner gäller " +-"även LDAP-domäner. Se avsnittet <quote>DOMÄNSEKTIONER</quote> av " +-"manualsidan <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-"<manvolnum>5</manvolnum> </citerefentry> för fullständiga detaljer. " +-"<placeholder type=\"variablelist\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "SUDOALTERNATIV" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -7500,12 +7446,12 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -7515,7 +7461,7 @@ msgstr "" + "servern)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -7524,17 +7470,17 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Standard: 21600 (6 timmar)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -7545,7 +7491,7 @@ msgstr "" + "USN-värde som för närvarande är känt av SSSD)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -7554,7 +7500,7 @@ msgstr "" + "istället." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -7570,12 +7516,12 @@ msgstr "" + "<emphasis>ldap_connection_expire_timeout</emphasis>)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -7584,12 +7530,12 @@ msgstr "" + "(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -7598,7 +7544,7 @@ msgstr "" + "domännamn som skall användas för att filtrera reglerna." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -7607,8 +7553,8 @@ msgstr "" + "fullständigt kvalificerade domännamnet automatiskt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -7617,17 +7563,17 @@ msgstr "" + "emphasis> har detta alternativ ingen effekt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Standard: inte angivet" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7636,7 +7582,7 @@ msgstr "" + "skall användas för att filtrera reglerna." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7645,12 +7591,12 @@ msgstr "" + "automatiskt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7659,12 +7605,12 @@ msgstr "" + "attributet sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7673,7 +7619,7 @@ msgstr "" + "attributet sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" +@@ -7682,7 +7628,7 @@ msgstr "" + "LDAP-serversidan!" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7695,12 +7641,12 @@ msgstr "" + "manvolnum> </citerefentry>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "AUTOFSALTERNATIV" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." +@@ -7708,47 +7654,47 @@ msgstr "" + "Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "Namnet på automount master-kartan i LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Standard: auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "AVANCERADE ALTERNATIV" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7761,22 +7707,22 @@ msgstr "" + "avaktivera denna funktion om gruppnamn inte visas korrekt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7789,14 +7735,14 @@ msgstr "" + "\"variablelist\" id=\"1\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EXEMPEL" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7806,7 +7752,7 @@ msgstr "" + "till en av domänerna i avsnittet <replaceable>[domains]</replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7826,20 +7772,20 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "LDAP-ÅTKOMSTFILTEREXEMPEL" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." +@@ -7848,7 +7794,7 @@ msgstr "" + "ldap_access_order=lockout används." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7874,13 +7820,13 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTER" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -9784,7 +9730,7 @@ msgstr "" + "identifiera denna värd. Värdnamnet måste vara fullständigt kvalificerat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (boolean)" + +@@ -9804,7 +9750,7 @@ msgstr "" + "alternativet <quote>dyndns_iface</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -9824,12 +9770,12 @@ msgstr "" + "använda <emphasis>dyndns_update</emphasis> i sin konfigurationsfil." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -9856,12 +9802,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Default: 1200 (sekunder)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -9894,17 +9840,17 @@ msgstr "" + "förbindelsen" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "Exempel: dyndns_iface = em1, vnet1, vnet2" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "dyndns_auth (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -9915,7 +9861,7 @@ msgstr "" + "sätta detta alternativ till ”none”." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "Standard: GSS-TSIG" + +@@ -9949,7 +9895,7 @@ msgstr "" + "upptäckten används som backup-servrar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (heltal)" + +@@ -9965,12 +9911,12 @@ msgstr "" + "alternativ är valfritt och tillämpligt endast när dyndns_update är sann." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (bool)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -9993,12 +9939,12 @@ msgid "Default: False (disabled)" + msgstr "Standard: False (avaktiverat)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (bool)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -10007,17 +9953,17 @@ msgstr "" + "med DNS-servern." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "Standard: False (låt nsupdate välja protokollet)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "dyndns_server (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." +@@ -10026,7 +9972,7 @@ msgstr "" + "flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." +@@ -10035,7 +9981,7 @@ msgstr "" + "skild från identitetsservern." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." +@@ -10045,17 +9991,17 @@ msgstr "" + "inställningar misslyckas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "Standard: Ingen (låt nsupdate välja servern)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "dyndns_update_per_family (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -10183,12 +10129,12 @@ msgstr "" + "till bas-DN:en för att användas när LDAP-operationer utförs." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "krb5_confd_path (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." +@@ -10197,7 +10143,7 @@ msgstr "" + "för Kerberos." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." +@@ -10206,7 +10152,7 @@ msgstr "" + "”none”." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -11252,19 +11198,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:359 +-#, fuzzy +-#| msgid "" +-#| "GPO-based access control functionality uses GPO policy settings to " +-#| "determine whether or not a particular user is allowed to logon to a " +-#| "particular host." + msgid "" + "GPO-based access control functionality uses GPO policy settings to determine " + "whether or not a particular user is allowed to logon to the host. For more " + "information on the supported policy settings please refer to the " + "<quote>ad_gpo_map</quote> options." + msgstr "" +-"GPO-baserad åtkomstkontrollsfunktionalitet använder GPO-policyinställningar " +-"för att avgöra huruvida en viss användare tillåts att logga på en viss värd." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:367 +@@ -11322,16 +11261,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:417 +-#, fuzzy +-#| msgid "" +-#| "NOTE: If the operation mode is set to enforcing, it is possible that " +-#| "users that were previously allowed logon access will now be denied logon " +-#| "access (as dictated by the GPO policy settings). In order to facilitate a " +-#| "smooth transition for administrators, a permissive mode is available that " +-#| "will not enforce the access control rules, but will evaluate them and " +-#| "will output a syslog message if access would have been denied. By " +-#| "examining the logs, administrators can then make the necessary changes " +-#| "before setting the mode to enforcing." + msgid "" + "NOTE: If the operation mode is set to enforcing, it is possible that users " + "that were previously allowed logon access will now be denied logon access " +@@ -11344,14 +11273,6 @@ msgid "" + "functions' is required (see <citerefentry> <refentrytitle>sssctl</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." + msgstr "" +-"OBS: Om arbetsläget är satt till tvingande är det möjligt att användare som " +-"tidigare tilläts inloggningsåtkomst nu kommer att nekas inloggningsåtkomst " +-"(som det dikteras av GPO-policyinställningarna). För att möjliggöra en " +-"smidig övergång för administratörer är ett tillåtande läge tillgängligt som " +-"inte kommer tvinga reglerna för åtkomstkontroll, men kommer beräkna dem och " +-"skriva ut ett syslog-meddelande om åtkomst skulle ha nekats. Genom att " +-"granska loggarna kan administratörer sedan göra de nödvändiga ändringarna " +-"före de ställer in arbetsläget till tvingande." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:436 +@@ -12012,9 +11933,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "Standard: 86400:750 (24h och 15m)" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (boolean)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -12030,12 +11969,12 @@ msgstr "" + "på annat sätt med alternativet <quote>dyndns_iface</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Standard: 3600 (sekunder)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" +@@ -12044,7 +11983,7 @@ msgstr "" + "förbindelsen" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -12059,12 +11998,12 @@ msgstr "" + "mindre än 60 ges kommer parametern endast anta det lägsta värdet." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Standard: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -12075,7 +12014,7 @@ msgstr "" + "exempel visar endast alternativ som är specifika för leverantören AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -12099,7 +12038,7 @@ msgstr "" + "ad_domain = exempel.se\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -12111,7 +12050,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -12122,7 +12061,7 @@ msgstr "" + "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -12137,7 +12076,7 @@ msgstr "" + "krypteringsdetaljer) manuellt." + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -12754,16 +12693,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +-#| "applications will not use the fast in memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"Om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer " +-"klientprogram inte använda den snabba cachen i minnet." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -14016,38 +13949,20 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:518 +-#, fuzzy +-#| msgid "" +-#| "The krb5_kdcinfo_lookahead option contains two numbers seperated by a " +-#| "colon. The first number represents number of primary servers used and the " +-#| "second number specifies the number of backup servers." + msgid "" + "The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " + "The first number represents number of primary servers used and the second " + "number specifies the number of backup servers." + msgstr "" +-"Alternativet krb5_kdcinfo_lookahead innehåller två tal separerade av ett " +-"kolon. Det första talet representerar antalet primärservrar som används och " +-"det andra talet anger antalet reservservrar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +-#| "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. but no backup " +-#| "servers." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"Till exempel betyder <emphasis>10:0</emphasis> att upp till 10 primärservrar " +-"kommer lämnas till<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. men inga " +-"reservservrar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -17121,21 +17036,11 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> + #: sssd-kcm.8.xml:61 +-#, fuzzy +-#| msgid "" +-#| "the SSSD implementation stores the ccaches in the SSSD <citerefentry> " +-#| "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </" +-#| "citerefentry> secrets store, allowing the ccaches to survive KCM server " +-#| "restarts or machine reboots." + msgid "" + "the SSSD implementation stores the ccaches in a database, typically located " + "at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " + "survive KCM server restarts or machine reboots." + msgstr "" +-"SSSD-implementationen sparar ccache:rna i SSSD:s hemlighetsförråd " +-"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</" +-"manvolnum> </citerefentry>, vilket gör att ccache:rna kan överleva att KCM-" +-"servern eller hela maskinen startas om." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:67 +@@ -17322,24 +17227,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the files provider for <citerefentry> " +-#| "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +-#| "citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +-#| "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"Denna manualsida besriver filleverantören till <citerefentry> " +-"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +-"citerefentry>. För en detaljerad referens om syntaxen, se avsnittet " +-"<quote>FILFORMAT</quote> i manualsidan <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -17373,10 +17266,8 @@ msgstr "Standard: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "max_secrets (integer)" + msgid "max_ccaches (integer)" +-msgstr "max_secrets (heltal)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -17390,10 +17281,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "max_uid_secrets (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "max_uid_secrets (heltal)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -17404,17 +17293,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Standard: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "max_payload_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "max_payload_size (heltal)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -17425,10 +17310,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Standard: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -17608,13 +17491,7 @@ msgstr "Känner av funktionen sdap_get_generic_ext_send()." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:152 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "base:string\n" +-#| "scope:integer\n" +-#| "filter:string\n" +-#| "probestr:string\n" +-#| " " ++#, no-wrap + msgid "" + "base:string\n" + "scope:integer\n" +@@ -17623,11 +17500,6 @@ msgid "" + "probestr:string\n" + " " + msgstr "" +-"base:sträng\n" +-"scope:heltal\n" +-"filter:sträng\n" +-"probestr:sträng\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:161 +@@ -17657,10 +17529,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:176 +-#, fuzzy +-#| msgid "probe sdap_deref_send" + msgid "probe sdap_parse_entry" +-msgstr "testpunkt sdap_deref_send" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:179 +@@ -17671,24 +17541,17 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "filter:string\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"filter:sträng\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +-#, fuzzy +-#| msgid "probe dp_req_done" + msgid "probe sdap_parse_entry_done" +-msgstr "testpunkt dp_req_done" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:193 +@@ -17976,10 +17839,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (sträng)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -17998,28 +17859,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "SSSD LDAP-leverantör" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -18027,11 +17876,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"Denna manualsida beskriver beskriver konfigurationen av LDAP-domäner för " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Se avsnittet <quote>FILFORMAT</quote> av manualsidan " +-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-"manvolnum> </citerefentry> för detaljerad syntaxinformation." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -18907,10 +18751,8 @@ msgstr "ldap_group_modify_timestamp (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (sträng)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -19132,10 +18974,8 @@ msgstr "LDAP-attributet som innehåller UUID/GUID för ett LDAP-värdobjekt." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "TJÄNSTESEKTIONER" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -19380,10 +19220,8 @@ msgstr "Standard: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "AUTOFSALTERNATIV" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -19691,19 +19529,15 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +-#, fuzzy +-#| msgid "How long would SSSD talk to a single DNS server." + msgid "" + "Time in milliseconds that sets how long would SSSD talk to a single DNS " + "server before trying next one." +-msgstr "Hur länge SSSD skall prata med en enskild DNS-server." ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:90 +@@ -19749,13 +19583,6 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para> + #: include/failover.xml:123 +-#, fuzzy +-#| msgid "" +-#| "For LDAP-based providers, the resolve operation is performed as part of " +-#| "an LDAP connection operation. Therefore, also the " +-#| "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value " +-#| "than <quote>dns_resolver_timeout</quote> which in turn should be set to a " +-#| "larger value than <quote>dns_resolver_op_timeout</quote>." + msgid "" + "For LDAP-based providers, the resolve operation is performed as part of an " + "LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></" +@@ -19764,11 +19591,6 @@ msgid "" + "value than <quote>dns_resolver_op_timeout</quote> which should be larger " + "than <quote>dns_resolver_server_timeout</quote>." + msgstr "" +-"För LDAP-baserade leverantörer utförs uppslagningsoperationen som en del av " +-"LDAP-anslutningsoperationen. Därför skall även tidsgränsen " +-"<quote>ldap_opt_timeout></quote> sättas till ett större värde än " +-"<quote>dns_resolver_timeout</quote> som i sin tur skall sättas till ett " +-"större värde än <quote>dns_resolver_op_timeout</quote>." + + #. type: Content of: <refsect1><title> + #: include/ldap_id_mapping.xml:2 +@@ -21008,93 +20830,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "ldap_group_external_member = ipaExternalMember" +- +-#~ msgid "" +-#~ "The background refresh will process users, groups and netgroups in the " +-#~ "cache." +-#~ msgstr "" +-#~ "Bakgrundsuppdateringen kommer bearbeta användare, grupper och nätgrupper " +-#~ "i cachen." +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Standard: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (heltal)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the InteractiveLogonRight and " +-#~ "DenyInteractiveLogonRight policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna " +-#~ "InteractiveLogonRight och DenyInteractiveLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the RemoteInteractiveLogonRight and " +-#~ "DenyRemoteInteractiveLogonRight policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna " +-#~ "RemoteInteractiveLogonRight och DenyRemoteInteractiveLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the NetworkLogonRight and " +-#~ "DenyNetworkLogonRight policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna " +-#~ "NetworkLogonRight och DenyNetworkLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +-#~ "policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna BatchLogonRight " +-#~ "och DenyBatchLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the ServiceLogonRight and " +-#~ "DenyServiceLogonRight policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna " +-#~ "ServiceLogonRight och DenyServiceLogonRight." +- +-#~ msgid "" +-#~ "The KCM service is configured in the <quote>kcm</quote> section of the " +-#~ "sssd.conf file. Please note that currently, is it not sufficient to " +-#~ "restart the sssd-kcm service, because the sssd configuration is only " +-#~ "parsed and read to an internal configuration database by the sssd " +-#~ "service. Therefore you must restart the sssd service if you change " +-#~ "anything in the <quote>kcm</quote> section of sssd.conf. For a detailed " +-#~ "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +-#~ "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-#~ "manvolnum> </citerefentry> manual page." +-#~ msgstr "" +-#~ "Tjänsten KCM konfigureras i avsnittet <quote>kcm</quote> av filen sssd." +-#~ "conf file. Observera att för närvarande är det inte tillräckligt att " +-#~ "starta om tjänsten sssd-kcm, eftersom konfigurationen av sssd bara tolkas " +-#~ "och läses till en intern konfigurationsdatabas av tjänsten sssd. Därför " +-#~ "måste man starta om tjänsten sssd om man ändrar något i avsnittet " +-#~ "<quote>kcm</quote> av sssd.conf. för en detaljerad syntaxreferens, se " +-#~ "avsnittet <quote>FILFORMAT</quote> manualsidan <citerefentry> " +-#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#~ "citerefentry>." +diff --git a/src/man/po/tg.po b/src/man/po/tg.po +index d723e7aa1..079c73eca 100644 +--- a/src/man/po/tg.po ++++ b/src/man/po/tg.po +@@ -5,9 +5,9 @@ + # Translators: + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:10+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" +@@ -294,9 +294,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Пешфарз: true" +@@ -316,16 +316,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Пешфарз: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -354,7 +354,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Пешфарз: 10" + +@@ -652,8 +652,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -762,10 +762,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Пешфарз: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1735,7 +1733,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Пешфарз: 0" + +@@ -1799,7 +1797,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1864,8 +1862,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5034,34 +5032,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5069,14 +5086,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5084,17 +5101,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5104,12 +5121,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5117,17 +5134,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5135,7 +5165,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5146,7 +5176,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5155,7 +5185,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5163,26 +5193,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5190,7 +5220,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5198,7 +5228,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5206,41 +5236,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5249,32 +5279,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5282,24 +5312,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5307,17 +5337,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5328,24 +5358,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5356,12 +5386,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5374,7 +5404,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5386,17 +5416,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5404,49 +5434,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Пешфарз: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5454,28 +5484,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5487,7 +5517,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5495,7 +5525,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5503,39 +5533,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5545,7 +5575,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5553,26 +5583,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5580,7 +5610,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5588,31 +5618,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5621,56 +5651,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5686,12 +5716,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Намуна:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5700,14 +5730,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5716,24 +5746,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5741,19 +5771,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5762,7 +5792,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5770,7 +5800,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5779,7 +5809,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5787,22 +5817,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5812,14 +5842,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5832,12 +5862,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5847,7 +5877,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5857,63 +5887,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5922,74 +5952,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6000,7 +6030,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6008,24 +6038,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6042,12 +6072,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6055,36 +6085,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6092,14 +6122,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6109,101 +6139,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6212,59 +6242,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6273,22 +6303,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6297,14 +6327,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "НАМУНА" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6312,7 +6342,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6325,27 +6355,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6361,13 +6391,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "ЭЗОҲҲО" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7897,7 +7927,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7912,7 +7942,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7927,12 +7957,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7953,12 +7983,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7982,17 +8012,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8000,7 +8030,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8027,7 +8057,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8040,12 +8070,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8064,60 +8094,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8231,26 +8261,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9690,9 +9720,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9702,19 +9748,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9724,12 +9770,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9737,7 +9783,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9752,7 +9798,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9761,7 +9807,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9769,7 +9815,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9779,7 +9825,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13898,10 +13944,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Пешфарз: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13917,10 +13961,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Пешфарз: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +diff --git a/src/man/po/uk.po b/src/man/po/uk.po +index 16d288464..1c706cc16 100644 +--- a/src/man/po/uk.po ++++ b/src/man/po/uk.po +@@ -12,10 +12,10 @@ + # Yuri Chornoivan <yurchor@ukr.net>, 2019. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" +-"PO-Revision-Date: 2019-06-14 04:59+0000\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" ++"PO-Revision-Date: 2019-12-03 01:50+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/" + "uk/)\n" +@@ -362,9 +362,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Типове значення: true" +@@ -387,16 +387,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Типове значення: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -429,7 +429,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Типове значення: 10" + +@@ -642,10 +642,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (булеве значення)" ++msgstr "monitor_resolv_conf (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -653,6 +651,8 @@ msgid "" + "Controls if SSSD should monitor the state of resolv.conf to identify when it " + "needs to update its internal DNS resolver." + msgstr "" ++"Керує тим, чи SSSD має спостерігати за станом resolv.conf для визначення " ++"моменту, коли слід оновити дані вбудованого інструмента визначення DNS." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:335 +@@ -661,20 +661,13 @@ msgstr "try_inotify (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD спостерігає за станом resolv.conf для визначення моменту, коли слід " +-"оновити дані вбудованого інструменту визначення DNS. Типово, з цією метою " +-"використовується inotify. У разі неможливості використання inotify, " ++"Типово, з метою спостереження за змінами у файлах налаштувань SSSD " ++"намагається використати inotify. Якщо використати inotify не вдається, " + "виконуватиметься опитування resolv.conf кожні п’ять секунд." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +@@ -794,13 +787,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. " +@@ -811,16 +797,20 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Будь ласка, зауважте, що якщо встановлено цей параметр, для усіх " +-"користувачів із основного домену доведеться використовувати ім’я повністю, " +-"тобто користувач@назва.домену, для входу до системи. Встановлення цього " +-"параметра змінює типове значення use_fully_qualified_names на True. Цей " +-"параметр не можна використовувати у поєднанні із значенням " +-"use_fully_qualified_names рівним False." ++"Будь ласка, зауважте, що якщо встановлено цей параметр, для входу до системи " ++"усім користувачам із основного домену доведеться використовувати повне ім'я " ++"користувача — користувач@назва.домену. Встановлення цього параметра змінює " ++"типове значення параметра use_fully_qualified_names на True. Цей параметр не " ++"можна використовувати у поєднанні із встановленням для параметра " ++"use_fully_qualified_names значення False. Єдиним виключенням з цього правила " ++"є домени із <quote>id_provider=files</quote>, для яких завжди виконується " ++"спроба встановлення поведінки, як відповідає nss_files, а отже, виведені " ++"імена для них не будуть повними, навіть якщо використано параметр " ++"default_domain_suffix." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -890,15 +880,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:483 +-#, fuzzy +-#| msgid "no_ocsp" + msgid "soft_ocsp" +-msgstr "no_ocsp" ++msgstr "soft_ocsp" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:485 sssd.conf.5.xml:585 + msgid "(NSS Version) This option is ignored." +-msgstr "" ++msgstr "(Версія для NSS) Цей параметр буде проігноровано." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:488 +@@ -908,11 +896,15 @@ msgid "" + "authentication when the system is offline and the OCSP responder cannot be " + "reached." + msgstr "" ++"(Версія для OpenSSL) Якщо не вдасться встановити з'єднання із відповідачем " ++"OCSP, перевірку OCSP буде пропущено. Цим параметром слід користуватися для " ++"того, щоб дозволити розпізнавання тоді, коли система працює автономно, отже " ++"відповідач OCSP є недоступним." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:498 + msgid "ocsp_dgst" +-msgstr "" ++msgstr "ocsp_dgst" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:500 +@@ -920,39 +912,41 @@ msgid "" + "Digest (hash) function used to create the certificate ID for the OCSP " + "request. Allowed values are:" + msgstr "" ++"Функція обчислення контрольної суми (хешу), яку буде використано для " ++"створення ідентифікатора сертифіката для запиту OCSP. Можливі значення:" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:504 + msgid "sha1" +-msgstr "" ++msgstr "sha1" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:505 + msgid "sha256" +-msgstr "" ++msgstr "sha256" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:506 + msgid "sha384" +-msgstr "" ++msgstr "sha384" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:507 + msgid "sha512" +-msgstr "" ++msgstr "sha512" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Типове значення: 5" ++msgstr "Типове значення: sha256" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 + msgid "" + "(NSS Version) This option is ignored, because NSS uses sha1 unconditionally." + msgstr "" ++"(Версія для NSS) Цей параметр буде проігноровано, оскільки у NSS завжди " ++"використовується sha1." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:518 +@@ -1059,7 +1053,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:583 + msgid "soft_crl" +-msgstr "" ++msgstr "soft_crl" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:588 +@@ -1069,6 +1063,10 @@ msgid "" + "allow authentication when the system is offline and the CRL cannot be " + "renewed." + msgstr "" ++"(Версія для OpenSSL) Якщо строк дії списку відкликання сертифікатів (CRL) " ++"вичерпано, перевірки CRL для відповідних сертифікатів буде проігноровано. " ++"Цим параметром слід користуватися для уможливлення розпізнавання у системах, " ++"які працюють у автономному режимі, коли оновлення CRL є неможливим." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:468 +@@ -2157,7 +2155,7 @@ msgstr "" + "<emphasis>pwd_expiration_warning</emphasis> для окремого домену." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Типове значення: 0" + +@@ -2236,7 +2234,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Типове значення: none" + +@@ -2315,8 +2313,8 @@ msgstr "" + "розпізнавання, типово таку сертифікацію вимкнено." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Типове значення: False" +@@ -2696,10 +2694,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (рядок)" ++msgstr "ssh_use_certificate_matching_rules (рядок)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2710,6 +2706,12 @@ msgid "" + "comma separated list of mapping and matching rule names. All other rules " + "will be ignored." + msgstr "" ++"Типово, відповідач SSH буде використовувати усі доступні правила " ++"встановлення відповідності сертифікатів для фільтрування сертифікатів, тому " ++"ключі SSH будуть створюватися лише на основі відповідних правилам " ++"сертифікатів. За допомогою цього параметра можна обмежити перелік " ++"використаних правил на основі списку назв правил прив'язки і відповідності, " ++"відокремлених комами. Усі інші правила буде проігноровано." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1763 +@@ -2717,13 +2719,14 @@ msgid "" + "If a non-existing rule name is given all rules will be ignored and all " + "available certificates will be used to derive ssh keys." + msgstr "" ++"Якщо буде вказано назву правила, якого не існує, буде проігноровано усі " ++"правила, а для створення ключів SSH буде використано усі доступні " ++"сертифікати." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Типове значення: не встановлено (пробіли не замінятимуться)" ++msgstr "Типове значення: не встановлено, буде використано усі знайдені правила" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -3389,15 +3392,16 @@ msgid "" + "user, typically ran at login) operation in the past, both the user entry " + "and the group membership are updated." + msgstr "" ++"Під час фонового оновлення виконуватиметься обробка записів користувачів, " ++"груп та мережевих груп у кеші. для записів користувачів, для яких " ++"виконувалися дії з ініціювання груп (отримання даних щодо участі користувача " ++"у групах, які типово виконуються під час входу до системи), буде оновлено і " ++"запис користувача, і дані щодо участі у групах." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2263 +-#, fuzzy +-#| msgid "" +-#| "This option specifies the maximum allowed number of nested containers." + msgid "This option is automatically inherited for all trusted domains." +-msgstr "" +-"Цей параметр визначає максимальну дозволену кількість вкладених контейнерів." ++msgstr "Цей параметр автоматично успадковується для усіх довірених доменів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2267 +@@ -4646,13 +4650,6 @@ msgstr "hybrid" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3205 +-#, fuzzy +-#| msgid "" +-#| "A primary group is autogenerated for user entries whose UID and GID " +-#| "numbers have the same value and at the same time the GID number does not " +-#| "correspond to a real group object in LDAP If the values are the same, but " +-#| "the primary GID in the user entry is also used by a group object, the " +-#| "primary GID of the user resolves to that group object." + msgid "" + "A primary group is autogenerated for user entries whose UID and GID numbers " + "have the same value and at the same time the GID number does not correspond " +@@ -5410,12 +5407,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3693 +-#, fuzzy +-#| msgid "" +-#| "With the growing number of authentication methods and the possibility " +-#| "that there are multiple ones for a single user the heuristic used by " +-#| "pam_sss to select the prompting might not be suitable for all use cases. " +-#| "To following options should provide a better flexibility here." + msgid "" + "With the growing number of authentication methods and the possibility that " + "there are multiple ones for a single user the heuristic used by pam_sss to " +@@ -5484,11 +5475,6 @@ msgstr "single_prompt" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3730 +-#, fuzzy +-#| msgid "" +-#| "boolean value, if True there will be only a single prompt using the value " +-#| "of first_prompt where it is expected that both factor are entered as a " +-#| "single string" + msgid "" + "boolean value, if True there will be only a single prompt using the value of " + "first_prompt where it is expected that both factors are entered as a single " +@@ -5509,12 +5495,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3700 +-#, fuzzy +-#| msgid "" +-#| "Each supported authentication method has it's own configuration sub-" +-#| "section under <quote>[prompting/...]</quote>. Currently there are: " +-#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#| "\"variablelist\" id=\"1\"/>" + msgid "" + "Each supported authentication method has its own configuration subsection " + "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type=" +@@ -5527,11 +5507,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3742 +-#, fuzzy +-#| msgid "" +-#| "It is possible to add a sub-section for specific PAM services like e.g. " +-#| "<quote>[prompting/password/sshd]</quote> to individual change the " +-#| "prompting for this service." + msgid "" + "It is possible to add a subsection for specific PAM services, e.g. " + "<quote>[prompting/password/sshd]</quote> to individual change the prompting " +@@ -6341,17 +6316,38 @@ msgstr "" + "дії TGT)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Типове значення: 900 (15 хвилин)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (ціле значення)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -6361,17 +6357,17 @@ msgstr "" + "один запит." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Типове значення: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -6382,7 +6378,7 @@ msgstr "" + "RootDSE, але цю підтримку не увімкнено або вона не працює належним чином." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -6392,7 +6388,7 @@ msgstr "" + "підтримкою не можна скористатися." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -6403,17 +6399,17 @@ msgstr "" + "це може призвести до відмови у виконанні запитів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Вимкнути отримання діапазону Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -6429,12 +6425,12 @@ msgstr "" + "буде представлено як такі, у яких немає учасників." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (ціле значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -6445,19 +6441,42 @@ msgstr "" + "параметра визначається OpenLDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + "Типове значення: типове для системи значення (зазвичай, визначається у ldap." + "conf)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (ціле значення)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний " ++"рівень захисту, потрібний для встановлення з’єднання. Значення цього " ++"параметра визначається OpenLDAP." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -6469,7 +6488,7 @@ msgstr "" + "виконуватиметься окремо." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -6487,7 +6506,7 @@ msgstr "" + "rootDSE." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -6500,7 +6519,7 @@ msgstr "" + "OpenLDAP та Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -6511,12 +6530,12 @@ msgstr "" + "незалежно від використання цього параметра." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -6526,7 +6545,7 @@ msgstr "" + "таких значень:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -6535,7 +6554,7 @@ msgstr "" + "жодних сертифікатів сервера." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6547,7 +6566,7 @@ msgstr "" + "режимі." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6558,7 +6577,7 @@ msgstr "" + "надано помилковий сертифікат, негайно перервати сеанс." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -6569,22 +6588,22 @@ msgstr "" + "перервати сеанс." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Типове значення: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -6593,7 +6612,7 @@ msgstr "" + "розпізнаються <command>sssd</command>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -6602,12 +6621,12 @@ msgstr "" + "у <filename>/etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -6620,32 +6639,32 @@ msgstr "" + "<command>cacertdir_rehash</command>, якщо ця програма є доступною." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "Визначає файл, який містить сертифікат для ключа клієнта." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "Визначає файл, у якому міститься ключ клієнта." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -6657,12 +6676,12 @@ msgstr "" + "<manvolnum>5</manvolnum></citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -6671,12 +6690,12 @@ msgstr "" + "class=\"protocol\">tls</systemitem> для захисту каналу." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -6688,19 +6707,19 @@ msgstr "" + "ldap_group_gid_number." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "У поточній версії у цій можливості передбачено підтримку лише встановлення " + "відповідності objectSID у ActiveDirectory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "ldap_min_id, ldap_max_id (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6720,18 +6739,18 @@ msgstr "" + "ідентифікаторів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + "Типове значення: не встановлено (обидва параметри встановлено у значення 0)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." +@@ -6740,7 +6759,7 @@ msgstr "" + "перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6758,12 +6777,12 @@ msgstr "" + "manvolnum></citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6783,7 +6802,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6804,17 +6823,17 @@ msgstr "" + "таблиці ключів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6826,17 +6845,17 @@ msgstr "" + "проігноровано." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Типове значення: значення krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6846,36 +6865,36 @@ msgstr "" + "SASL." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Типове значення: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI/GSS-" + "SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5." + "keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6886,12 +6905,12 @@ msgstr "" + "механізм GSSAPI або GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" +@@ -6899,17 +6918,17 @@ msgstr "" + "SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Типове значення: 86400 (24 години)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6928,7 +6947,7 @@ msgstr "" + "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6940,7 +6959,7 @@ msgstr "" + "вдасться знайти." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6951,30 +6970,30 @@ msgstr "" + "варто перейти на використання «krb5_server» у файлах налаштувань." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" + "filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6984,12 +7003,12 @@ msgstr "" + "версії MIT Kerberos >= 1.7" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -7004,7 +7023,7 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -7015,12 +7034,12 @@ msgstr "" + "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -7029,7 +7048,7 @@ msgstr "" + "використовувати такі значення:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -7038,7 +7057,7 @@ msgstr "" + "разі використання цього варіанта перевірку на боці сервера вимкнено не буде." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -7049,7 +7068,7 @@ msgstr "" + "manvolnum></citerefentry> для визначення того, чи чинним є пароль." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -7060,7 +7079,7 @@ msgstr "" + "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -7070,18 +7089,18 @@ msgstr "" + "встановленими за допомогою цього параметра." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -7090,7 +7109,7 @@ msgstr "" + "з версією OpenLDAP 2.4.13 або новішою версією." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -7104,28 +7123,28 @@ msgstr "" + "«false» може значно пришвидшити роботу." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Визначає назву служби, яку буде використано у разі вмикання визначення служб." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Типове значення: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -7134,17 +7153,17 @@ msgstr "" + "уможливлює зміну паролів, у разі вмикання визначення служб." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -7153,12 +7172,12 @@ msgstr "" + "щодо кількості днів з часу виконання дії зі зміни пароля." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -7187,12 +7206,12 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Приклад:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -7204,7 +7223,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -7213,7 +7232,7 @@ msgstr "" + "employeeType встановлено у значення «admin»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -7227,17 +7246,17 @@ msgstr "" + "таких прав не було надано, у автономному режимі їх також не буде надано." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Типове значення: порожній рядок" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -7246,7 +7265,7 @@ msgstr "" + "керування доступом на боці клієнта." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -7257,12 +7276,12 @@ msgstr "" + "з відповідним кодом помилки, навіть якщо вказано правильний пароль." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Можна використовувати такі значення:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -7271,7 +7290,7 @@ msgstr "" + "визначити, чи завершено строк дії облікового запису." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -7284,7 +7303,7 @@ msgstr "" + "Також буде перевірено, чи не вичерпано строк дії облікового запису." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -7295,7 +7314,7 @@ msgstr "" + "ldap_ns_account_lock." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -7308,7 +7327,7 @@ msgstr "" + "атрибутів, надати доступ." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -7319,24 +7338,24 @@ msgstr "" + "користуватися параметром ldap_account_expire_policy." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Список відокремлених комами параметрів керування доступом. Можливі значення " + "списку:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7351,7 +7370,7 @@ msgstr "" + "для працездатності цієї можливості слід встановити «access_provider = ldap»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" +@@ -7361,7 +7380,7 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7384,13 +7403,13 @@ msgstr "" + "параметра слід встановити значення «access_provider = ldap»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -7405,7 +7424,7 @@ msgstr "" + "наприклад на ключах SSH." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -7420,7 +7439,7 @@ msgstr "" + "негайно змінити пароль." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" +@@ -7428,7 +7447,7 @@ msgstr "" + "від SSSD не надходитиме." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +@@ -7438,7 +7457,7 @@ msgstr "" + "параметра «ldap_pwd_policy» відповідні правила поводження із паролями." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -7447,14 +7466,14 @@ msgstr "" + "можливості доступу атрибут authorizedService" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " + "права доступу" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" +@@ -7463,7 +7482,7 @@ msgstr "" + "того, чи матиме віддалений вузол доступ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" +@@ -7473,12 +7492,12 @@ msgstr "" + "керування доступом." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Типове значення: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -7487,12 +7506,12 @@ msgstr "" + "використано декілька разів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -7506,22 +7525,22 @@ msgstr "" + "можна буде перевірити належним чином." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -7530,13 +7549,13 @@ msgstr "" + "пошуку. Можливі такі варіанти:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -7546,7 +7565,7 @@ msgstr "" + "пошуку." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -7555,7 +7574,7 @@ msgstr "" + "під час визначення місця основного об’єкта пошуку." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -7564,7 +7583,7 @@ msgstr "" + "час пошуку, так і під час визначення місця основного об’єкта пошуку." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -7573,12 +7592,12 @@ msgstr "" + "сценарієм <emphasis>never</emphasis>)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -7587,7 +7606,7 @@ msgstr "" + "серверів, у яких використовується схема RFC2307." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -7605,7 +7624,7 @@ msgstr "" + "користувачів за допомогою виклику getpw*() або initgroups()." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -7617,12 +7636,12 @@ msgstr "" + "групами LDAP." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "wildcard_limit (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." +@@ -7631,26 +7650,19 @@ msgstr "" + "пошуку з використанням символів-замінників." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + "У поточній версії пошук із використанням символів-замінників передбачено " + "лише для відповідача InfoPipe." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "Типове значення: 1000 (часто розмір однієї сторінки)" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -7663,16 +7675,19 @@ msgstr "" + "Всі загальні параметри налаштування, які стосуються доменів SSSD, також " + "стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки " + "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. " +-"<placeholder type=\"variablelist\" id=\"0\"/>" ++"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. Зауважте, що " ++"атрибути прив'язки до LDAP SSSD описано на сторінці підручника щодо " ++"<citerefentry> <refentrytitle>sssd-ldap-attributes</refentrytitle> " ++"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" " ++"id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "ПАРАМЕТРИ SUDO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -7683,12 +7698,12 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -7698,7 +7713,7 @@ msgstr "" + "набір правил, що зберігаються на сервері." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -7707,17 +7722,17 @@ msgstr "" + "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Типове значення: 21600 (6 годин)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -7728,7 +7743,7 @@ msgstr "" + "правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -7737,7 +7752,7 @@ msgstr "" + "дані атрибута modifyTimestamp." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -7753,12 +7768,12 @@ msgstr "" + "emphasis>)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -7768,12 +7783,12 @@ msgstr "" + "назв вузлів)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -7782,7 +7797,7 @@ msgstr "" + "фільтрування списку правил." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -7791,8 +7806,8 @@ msgstr "" + "назву вузла та повну назву комп’ютера у домені у автоматичному режимі." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -7801,17 +7816,17 @@ msgstr "" + "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Типове значення: не вказано" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7820,7 +7835,7 @@ msgstr "" + "правил." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7829,12 +7844,12 @@ msgstr "" + "адресу у автоматичному режимі." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7843,12 +7858,12 @@ msgstr "" + "мережеву групу (netgroup) у атрибуті sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7857,7 +7872,7 @@ msgstr "" + "заміни у атрибуті sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" +@@ -7866,7 +7881,7 @@ msgstr "" + "для сервера LDAP!" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7879,12 +7894,12 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "ПАРАМЕТРИ AUTOFS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." +@@ -7893,47 +7908,47 @@ msgstr "" + "LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "Назва основної карти автоматичного монтування у LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Типове значення: auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "ДОДАТКОВІ ПАРАМЕТРИ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7946,22 +7961,22 @@ msgstr "" + "груп показуються неправильно." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7974,14 +7989,14 @@ msgstr "" + "<placeholder type=\"variablelist\" id=\"1\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "ПРИКЛАД" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7992,7 +8007,7 @@ msgstr "" + "<replaceable>[domains]</replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -8012,20 +8027,20 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." +@@ -8034,7 +8049,7 @@ msgstr "" + "чином і використано ldap_access_order=lockout." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -8060,13 +8075,13 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "ЗАУВАЖЕННЯ" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -10001,7 +10016,7 @@ msgstr "" + "цього вузла. Назву вузла слід вказувати повністю." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (булеве значення)" + +@@ -10021,7 +10036,7 @@ msgstr "" + "допомогою параметра «dyndns_iface»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -10042,12 +10057,12 @@ msgstr "" + "назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -10074,12 +10089,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Типове значення: 1200 (секунд)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -10112,17 +10127,17 @@ msgstr "" + "для з’єднання LDAP IPA" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "dyndns_auth (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -10133,7 +10148,7 @@ msgstr "" + "можна надсилати встановленням для цього параметра значення «none»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "Типове значення: GSS-TSIG" + +@@ -10168,7 +10183,7 @@ msgstr "" + "вважатимуться резервними серверами." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (ціле число)" + +@@ -10185,12 +10200,12 @@ msgstr "" + "є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -10214,12 +10229,12 @@ msgid "Default: False (disabled)" + msgstr "Типове значення: False (вимкнено)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -10228,17 +10243,17 @@ msgstr "" + "даними з сервером DNS." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "dyndns_server (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." +@@ -10248,7 +10263,7 @@ msgstr "" + "параметра." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." +@@ -10257,7 +10272,7 @@ msgstr "" + "DNS відрізняється від сервера профілів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." +@@ -10267,17 +10282,17 @@ msgstr "" + "невдало." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "dyndns_update_per_family (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -10410,12 +10425,12 @@ msgstr "" + "перетворено у основний DN для виконання дій LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "krb5_confd_path (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." +@@ -10424,7 +10439,7 @@ msgstr "" + "налаштувань Kerberos." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." +@@ -10433,7 +10448,7 @@ msgstr "" + "значення «none»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -11500,11 +11515,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:359 +-#, fuzzy +-#| msgid "" +-#| "GPO-based access control functionality uses GPO policy settings to " +-#| "determine whether or not a particular user is allowed to logon to a " +-#| "particular host." + msgid "" + "GPO-based access control functionality uses GPO policy settings to determine " + "whether or not a particular user is allowed to logon to the host. For more " +@@ -11513,7 +11523,9 @@ msgid "" + msgstr "" + "Функціональні можливості з керування доступом на основі GPO використовують " + "параметри правил GPO для визначення того, може чи не може той чи інший " +-"користувач увійти до системи певного вузла мережі." ++"користувач увійти до системи вузла мережі. Якщо вам потрібна докладніша " ++"інформація щодо підтримуваних параметрів правил, зверніться до параметрів " ++"<quote>ad_gpo_map</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:367 +@@ -11523,6 +11535,11 @@ msgid "" + "S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " + "upstream issue tracker https://pagure.io/SSSD/sssd/issue/4099 ." + msgstr "" ++"Будь ласка, зверніть увагу на те, що у поточній версії SSSD не передбачено " ++"підтримки вбудованих груп Active Directory. Вбудовані групи до правил " ++"керування доступом на основі GPO (зокрема Administrators із SID " ++"S-1-5-32-544) SSSD просто ігноруватиме. Див. запис системи стеження за " ++"вадами https://pagure.io/SSSD/sssd/issue/4099 ." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:376 +@@ -11533,6 +11550,11 @@ msgid "" + "a user, the user or at least one of the groups to which it belongs must have " + "following permissions on the GPO:" + msgstr "" ++"Перед виконанням керування доступом SSSD застосовує захисне фільтрування на " ++"основі правил груп до списку GPO. Для кожного входу користувача до системи " ++"програма перевіряє застосовність GPO, які пов'язано із відповідним вузлом. " ++"Щоб GPO можна було застосувати до користувача, користувач або принаймні одна " ++"з груп, до яких він належить, повинен мати такі права доступу до GPO:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd-ad.5.xml:386 +@@ -11540,6 +11562,8 @@ msgid "" + "Read: The user or one of its groups must have read access to the properties " + "of the GPO (RIGHT_DS_READ_PROPERTY)" + msgstr "" ++"Read: користувач або одна з його груп повинна мати доступ до читання " ++"властивостей GPO (RIGHT_DS_READ_PROPERTY)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd-ad.5.xml:393 +@@ -11547,6 +11571,8 @@ msgid "" + "Apply Group Policy: The user or at least one of its groups must be allowed " + "to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." + msgstr "" ++"Apply Group Policy: користувач або принаймні одна з його груп повинна мати " ++"доступ до застосування GPO (RIGHT_DS_CONTROL_ACCESS)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:401 +@@ -11557,6 +11583,11 @@ msgid "" + "and access control are started, the Authenticated Users group permissions on " + "the GPO always apply also to the user." + msgstr "" ++"Типово, у GPO є група Authenticated Users, для якої встановлено одразу права " ++"доступу Read та Apply Group Policy. Оскільки розпізнавання користувача має " ++"бути успішно завершено до захисного фільтрування GPO і запуску керування " ++"доступом, до облікового запису користувача завжди застосовуються права " ++"доступу групи Authenticated Users щодо GPO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:410 +@@ -11572,16 +11603,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:417 +-#, fuzzy +-#| msgid "" +-#| "NOTE: If the operation mode is set to enforcing, it is possible that " +-#| "users that were previously allowed logon access will now be denied logon " +-#| "access (as dictated by the GPO policy settings). In order to facilitate a " +-#| "smooth transition for administrators, a permissive mode is available that " +-#| "will not enforce the access control rules, but will evaluate them and " +-#| "will output a syslog message if access would have been denied. By " +-#| "examining the logs, administrators can then make the necessary changes " +-#| "before setting the mode to enforcing." + msgid "" + "NOTE: If the operation mode is set to enforcing, it is possible that users " + "that were previously allowed logon access will now be denied logon access " +@@ -11603,7 +11624,10 @@ msgstr "" + "відповідність цим правилам і виводитиме до системного журналу повідомлення, " + "якщо доступ було надано усупереч цим правилам. Вивчення журналу надасть " + "змогу адміністраторам внести відповідні зміни до встановлення примусового " +-"режиму (enforcing)." ++"режиму (enforcing). Для запису до журналу даних керування доступом на основі " ++"GPO потрібен рівень діагностики «trace functions» (див. сторінку підручника " ++"<citerefentry> <refentrytitle>sssctl</refentrytitle> <manvolnum>8</" ++"manvolnum> </citerefentry>)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:436 +@@ -11728,6 +11752,19 @@ msgid "" + "local access only, if it or at least one of its groups is part of the policy " + "settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"InteractiveLogonRight і DenyInteractiveLogonRight. Виконуватиметься оцінка " ++"лише тих GPO, до яких користувач має права доступу Read і Apply Group Policy " ++"(див. параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із " ++"оброблених GPO міститься параметр заборони інтерактивного входу до системи " ++"для користувача або однієї з його груп, користувачеві буде заборонено " ++"локальний доступ. Якщо для жодного із оброблених GPO немає визначеного права " ++"на інтерактивний вхід до системи, користувачеві буде надано локальний " ++"доступ. Якщо хоча б одному зі оброблених GPO містяться параметри прав на " ++"інтерактивний вхід до системи, користувачеві буде надано лише локальний " ++"доступ, якщо він або принаймні одна з його груп є частиною параметрів " ++"правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:549 +@@ -11818,6 +11855,19 @@ msgid "" + "settings, the user is granted remote access only, if it or at least one of " + "its groups is part of the policy settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"RemoteInteractiveLogonRight і DenyRemoteInteractiveLogonRight. " ++"Виконуватиметься оцінка лише тих GPO, до яких користувач має права доступу " ++"Read і Apply Group Policy (див. параметр <quote>ad_gpo_access_control</" ++"quote>). Якщо у якомусь із оброблених GPO міститься параметр заборони " ++"віддаленого входу до системи для користувача або однієї з його груп, " ++"користувачеві буде заборонено віддалений інтерактивний доступ. Якщо для " ++"жодного із оброблених GPO немає визначеного права на віддалений вхід до " ++"системи, користувачеві буде надано віддалений доступ. Якщо хоча б одному зі " ++"оброблених GPO містяться параметри прав на віддалений вхід до системи, " ++"користувачеві буде надано лише віддалений доступ, якщо він або принаймні " ++"одна з його груп є частиною параметрів правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:657 +@@ -11890,6 +11940,19 @@ msgid "" + "logon access only, if it or at least one of its groups is part of the policy " + "settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"NetworkLogonRight і DenyNetworkLogonRight. Виконуватиметься оцінка лише тих " ++"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. " ++"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " ++"GPO міститься параметр заборони входу до системи за допомогою мережі для " ++"користувача або однієї з його груп, користувачеві буде заборонено локальний " ++"доступ. Якщо для жодного із оброблених GPO немає визначеного права на вхід " ++"до системи за допомогою мережі, користувачеві буде надано доступ до входу. " ++"Якщо хоча б одному зі оброблених GPO містяться параметри прав на вхід до " ++"системи за допомогою мережі, користувачеві буде надано лише доступ до входу " ++"до системи, якщо він або принаймні одна з його груп є частиною параметрів " ++"правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:715 +@@ -11961,6 +12024,19 @@ msgid "" + "settings, the user is granted logon access only, if it or at least one of " + "its groups is part of the policy settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"BatchLogonRight і DenyBatchLogonRight. Виконуватиметься оцінка лише тих GPO, " ++"до яких користувач має права доступу Read і Apply Group Policy (див. " ++"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " ++"GPO міститься параметр заборони пакетного входу до системи для користувача " ++"або однієї з його груп, користувачеві буде заборонено доступ до пакетного " ++"входу до системи. Якщо для жодного із оброблених GPO немає визначеного права " ++"на пакетний вхід до системи, користувачеві буде надано доступ до входу до " ++"системи. Якщо хоча б одному зі оброблених GPO містяться параметри прав на " ++"пакетний вхід до системи, користувачеві буде надано лише доступ до входу до " ++"системи, якщо він або принаймні одна з його груп є частиною параметрів " ++"правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:773 +@@ -12033,6 +12109,19 @@ msgid "" + "logon access only, if it or at least one of its groups is part of the policy " + "settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"ServiceLogonRight і DenyServiceLogonRight. Виконуватиметься оцінка лише тих " ++"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. " ++"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " ++"GPO міститься параметр заборони входу до системи за допомогою служб для " ++"користувача або однієї з його груп, користувачеві буде заборонено вхід до " ++"системи за допомогою служб. Якщо для жодного із оброблених GPO немає " ++"визначеного права на вхід до системи за допомогою служб, користувачеві буде " ++"надано доступ до входу до системи. Якщо хоча б одному зі оброблених GPO " ++"містяться параметри прав на вхід до системи за допомогою служб, " ++"користувачеві буде надано лише доступ до входу до системи, якщо він або " ++"принаймні одна з його груп є частиною параметрів правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:826 +@@ -12266,9 +12355,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "Типове значення: 86400:750 (24 годин і 15 хвилин)" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (булеве значення)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -12284,12 +12391,12 @@ msgstr "" + "якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Типове значення: 3600 (секунд)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" +@@ -12298,7 +12405,7 @@ msgstr "" + "для з’єднання LDAP AD" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -12315,12 +12422,12 @@ msgstr "" + "значення." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Типове значення: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -12331,7 +12438,7 @@ msgstr "" + "У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -12355,7 +12462,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -12367,7 +12474,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -12379,7 +12486,7 @@ msgstr "" + "\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -12394,7 +12501,7 @@ msgstr "" + "шифрування) вручну." + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13029,10 +13136,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +-#| "applications will not use the fast in memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." +@@ -14329,11 +14432,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:518 +-#, fuzzy +-#| msgid "" +-#| "The krb5_kdcinfo_lookahead option contains two numbers seperated by a " +-#| "colon. The first number represents number of primary servers used and the " +-#| "second number specifies the number of backup servers." + msgid "" + "The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " + "The first number represents number of primary servers used and the second " +@@ -14345,12 +14443,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +-#| "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. but no backup " +-#| "servers." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +@@ -14360,7 +14452,7 @@ msgstr "" + "Наприклад, <emphasis>10:0</emphasis> означає «буде передано до 10 основних " + "серверів до <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>», але не буде " +-"передано резервні сервери." ++"передано резервні сервери" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -17497,21 +17589,15 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> + #: sssd-kcm.8.xml:61 +-#, fuzzy +-#| msgid "" +-#| "the SSSD implementation stores the ccaches in the SSSD <citerefentry> " +-#| "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </" +-#| "citerefentry> secrets store, allowing the ccaches to survive KCM server " +-#| "restarts or machine reboots." + msgid "" + "the SSSD implementation stores the ccaches in a database, typically located " + "at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " + "survive KCM server restarts or machine reboots." + msgstr "" +-"реалізація у SSSD зберігає ccache-і у сховищі реєстраційних даних " +-"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</" +-"manvolnum> </citerefentry> SSSD, що надає змогу ccache-ам переживати " +-"перезапуски сервера KCM та перезавантаження комп'ютера." ++"реалізація у SSSD зберігає дані ccache у базі даних, файл якої типово " ++"називається <replaceable>/var/lib/sss/secrets</replaceable>. За допомогою " ++"цього файла ccache зберігаються протягом періодів перезапуску сервера KCM " ++"або перезавантаження комп'ютера." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:67 +@@ -17698,28 +17784,24 @@ msgid "" + "after changing options in the <quote>kcm</quote> section of sssd.conf: " + "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" ++"Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</" ++"quote> файла sssd.conf. Будь ласка, зауважте, що оскільки активація служби " ++"KCM, зазвичай, відбувається за допомогою сокетів, після внесення змін до " ++"розділу <quote>kcm</quote> файла sssd.conf достатньо перезапустити службу " ++"<quote>sssd-kcm</quote>: <placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the files provider for <citerefentry> " +-#| "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +-#| "citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +-#| "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"На цій сторінці довідника описано налаштування засобу обробки файлів для " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться " +-"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry>." ++"Налаштування служби KCM виконують за допомогою <quote>kcm</quote>. Докладний " ++"опис синтаксичних конструкцій налаштувань наведено у розділі <quote>ФОРМАТ " ++"ФАЙЛА</quote> сторінки підручника щодо <citerefentry> <refentrytitle>sssd." ++"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -17755,27 +17837,27 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "max_secrets (integer)" + msgid "max_ccaches (integer)" +-msgstr "max_secrets (ціле значення)" ++msgstr "max_ccaches (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 + msgid "How many credential caches does the KCM database allow for all users." + msgstr "" ++"Скільки кешів реєстраційних може мати даних база даних KCM для усіх " ++"користувачів." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:212 + msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" + msgstr "" ++"Типове значення: 0 (без обмежень, застосовується лише квота на кількість " ++"кешів на UID)" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "max_uid_secrets (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "max_uid_secrets (ціле число)" ++msgstr "max_uid_ccaches (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -17783,20 +17865,19 @@ msgid "" + "How many credential caches does the KCM database allow per UID. This is " + "equivalent to <quote>with how many principals you can kinit</quote>." + msgstr "" ++"Скільки кешів реєстраційних може мати даних база даних KCM для окремого UID. " ++"Еквівалент значення <quote>кількість реєстраційних даних, які можна " ++"ініціювати за допомогою kinit</quote>." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Типове значення: 6" ++msgstr "Типове значення: 64" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "max_payload_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "max_payload_size (ціле значення)" ++msgstr "max_ccache_size (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -17804,13 +17885,13 @@ msgid "" + "How big can a credential cache be per ccache. Each service ticket accounts " + "into this quota." + msgstr "" ++"Наскільки великим може бути кеш реєстраційних даних окремого ccache. Ця " ++"квота обчислюється для усіх квитків служб разом." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Типове значення: 6" ++msgstr "Типове значення: 65536" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -17988,13 +18069,7 @@ msgstr "Зондує функцію sdap_get_generic_ext_send()." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:152 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "base:string\n" +-#| "scope:integer\n" +-#| "filter:string\n" +-#| "probestr:string\n" +-#| " " ++#, no-wrap + msgid "" + "base:string\n" + "scope:integer\n" +@@ -18006,6 +18081,7 @@ msgstr "" + "base:рядок\n" + "scope:ціле число\n" + "filter:рядок\n" ++"attrs:рядок\n" + "probestr:рядок\n" + " " + +@@ -18037,10 +18113,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:176 +-#, fuzzy +-#| msgid "probe sdap_deref_send" + msgid "probe sdap_parse_entry" +-msgstr "зонд sdap_deref_send" ++msgstr "зонд sdap_parse_entry" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:179 +@@ -18048,27 +18122,25 @@ msgid "" + "Probes the sdap_parse_entry() function. It is called repeatedly with every " + "received attribute." + msgstr "" ++"Зондує функцію sdap_parse_entry(). Викликається повторно для кожного " ++"отриманого атрибута." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "filter:string\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"filter:рядок\n" +-" " ++"attr:рядок\n" ++"value:рядок\n" ++" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +-#, fuzzy +-#| msgid "probe dp_req_done" + msgid "probe sdap_parse_entry_done" +-msgstr "зонд dp_req_done" ++msgstr "probe sdap_parse_entry_done" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:193 +@@ -18076,6 +18148,8 @@ msgid "" + "Probes the sdap_parse_entry() function. It is called when parsing of " + "received object is finished." + msgstr "" ++"Зондує функцію sdap_parse_entry(). Викликається після завершення обробки " ++"отриманого об'єкта." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:201 +@@ -18319,7 +18393,7 @@ msgstr "Перетворення методу на рядок і поверне + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-systemtap.5.xml:410 + msgid "SAMPLE SYSTEMTAP SCRIPTS" +-msgstr "" ++msgstr "ЗРАЗКИ СКРИПТІВ SYSTEMTAP" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-systemtap.5.xml:412 +@@ -18328,78 +18402,67 @@ msgid "" + "script_name>.stp</command>), then perform an identity operation and the " + "script will collect information from probes." + msgstr "" ++"Запустіть скрипт SystemTap (<command>stap /usr/share/sssd/systemtap/<" ++"назва_скрипту>.stp</command>), потім виконайте дію із розпізнавання. " ++"Скрипт збере дані за допомогою зондів." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-systemtap.5.xml:418 + msgid "Provided SystemTap scripts are:" +-msgstr "" ++msgstr "Скриптами SystemTap з пакунка є:" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:422 + msgid "dp_request.stp" +-msgstr "" ++msgstr "dp_request.stp" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:425 + msgid "Monitoring of data provider request performance." +-msgstr "" ++msgstr "Спостереження за швидкодією обробки запитів засобом надання даних." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:430 + msgid "id_perf.stp" +-msgstr "" ++msgstr "id_perf.stp" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:433 + msgid "Monitoring of <command>id</command> command performance." +-msgstr "" ++msgstr "Спостереження за швидкодією виконання команди <command>id</command>." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (рядок)" ++msgstr "ldap_perf.stp" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 + msgid "Monitoring of LDAP queries." +-msgstr "" ++msgstr "Спостереження за запитами LDAP." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:447 + msgid "nested_group_perf.stp" +-msgstr "" ++msgstr "nested_group_perf.stp" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:450 + msgid "Performance of nested groups resolving." +-msgstr "" ++msgstr "Швидкодія визначення назв для вкладених груп." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "sssd-ldap-attributes" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "Модуль надання даних LDAP SSSD" ++msgstr "Засіб надання даних LDAP SSSD: атрибути прив'язування" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -18407,17 +18470,17 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"На цій сторінці довідника описано налаштування доменів LDAP для " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться " +-"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry>." ++"Цю сторінку підручника присвячено опису атрибутів прив'язування засобу " ++"надання даних LDAP SSSD <citerefentry> <refentrytitle>sssd-ldap</" ++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Повний опис " ++"параметрів налаштовування засобу надання даних LDAP SSSD наведено на " ++"сторінці підручника щодо <citerefentry> <refentrytitle>sssd-ldap</" ++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 + msgid "USER ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ КОРИСТУВАЧА" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:42 +@@ -18529,7 +18592,7 @@ msgstr "Атрибут LDAP, що містить назву домашнього + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:129 + msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +-msgstr "" ++msgstr "Типове значення: homeDirectory (LDAP та IPA), unixHomeDirectory (AD)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:135 +@@ -19066,6 +19129,10 @@ msgid "" + "Therefore when using service-based access control, the <quote>systemd-user</" + "quote> service might need to be added to the list of allowed services." + msgstr "" ++"У деяких дистрибутивах (зокрема у Fedora-29+ або RHEL-8) службу PAM " ++"<quote>systemd-user</quote> завжди включено до процедури входу до системи. " ++"Тому при використанні керування доступом на основі даних служб варто " ++"додавати службу <quote>systemd-user</quote> до списку дозволених служб." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:545 +@@ -19204,7 +19271,7 @@ msgstr "Типове значення: mail" + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:644 + msgid "GROUP ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ ГРУПИ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:648 +@@ -19292,10 +19359,8 @@ msgstr "ldap_group_modify_timestamp (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (рядок)" ++msgstr "ldap_group_type (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -19349,7 +19414,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:782 + msgid "NETGROUP ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ МЕРЕЖЕВОЇ ГРУПИ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:786 +@@ -19437,7 +19502,7 @@ msgstr "ldap_netgroup_modify_timestamp (рядок)" + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:871 + msgid "HOST ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ ВУЗЛА" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:875 +@@ -19523,10 +19588,8 @@ msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта ву + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "РОЗДІЛИ СЛУЖБ" ++msgstr "АТРИБУТИ СЛУЖБИ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -19585,7 +19648,7 @@ msgstr "Типове значення: ipServiceProtocol" + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1026 + msgid "SUDO ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ SUDO" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:1030 +@@ -19770,10 +19833,8 @@ msgstr "Типове значення: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "ПАРАМЕТРИ AUTOFS" ++msgstr "АТРИБУТИ AUTOFS" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -20098,20 +20159,17 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout" ++msgstr "dns_resolver_server_timeout" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +-#, fuzzy +-#| msgid "How long would SSSD talk to a single DNS server." + msgid "" + "Time in milliseconds that sets how long would SSSD talk to a single DNS " + "server before trying next one." + msgstr "" +-"Наскільки довго SSSD обмінюватиметься інформацією із окремим сервером DNS." ++"Час у мілісекундах, протягом якого SSSD має намагатися обмінятися даними із " ++"окремим сервером DNS, перш ніж перейти до спроб зв'язатися із наступним." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:90 +@@ -20125,6 +20183,10 @@ msgid "" + "(e.g. resolution of a hostname or an SRV record) before trying the next " + "hostname or discovery domain." + msgstr "" ++"Час у секундах, який визначає тривалість періоду, протягом якого SSSD " ++"намагатиметься обробити окремий запит DNS (наприклад встановити назву вузла " ++"або запис SRV), перш ніж перейти до наступної назви вузла або наступного " ++"домену пошуку." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:106 +@@ -20158,13 +20220,6 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para> + #: include/failover.xml:123 +-#, fuzzy +-#| msgid "" +-#| "For LDAP-based providers, the resolve operation is performed as part of " +-#| "an LDAP connection operation. Therefore, also the " +-#| "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value " +-#| "than <quote>dns_resolver_timeout</quote> which in turn should be set to a " +-#| "larger value than <quote>dns_resolver_op_timeout</quote>." + msgid "" + "For LDAP-based providers, the resolve operation is performed as part of an " + "LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></" +@@ -20177,7 +20232,8 @@ msgstr "" + "частина дії зі встановлення з'єднання із LDAP. Тому слід також встановити " + "для часу очікування <quote>ldap_opt_timeout></quote> значення, яке " + "перевищуватиме значення <quote>dns_resolver_timeout</quote>, яке також має " +-"перевищувати значення <quote>dns_resolver_op_timeout</quote>." ++"перевищувати значення <quote>dns_resolver_op_timeout</quote>, яке має " ++"перевищувати значення <quote>dns_resolver_server_timeout</quote>." + + #. type: Content of: <refsect1><title> + #: include/ldap_id_mapping.xml:2 +@@ -21438,94 +21494,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "ldap_group_external_member = ipaExternalMember" +- +-#~ msgid "" +-#~ "The background refresh will process users, groups and netgroups in the " +-#~ "cache." +-#~ msgstr "" +-#~ "Під час фонового оновлення виконуватиметься обробка записів користувачів, " +-#~ "груп та мережевих груп у кеші." +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Типове значення: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (ціле число)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the InteractiveLogonRight and " +-#~ "DenyInteractiveLogonRight policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO виконуватиметься на основі параметрів правил " +-#~ "InteractiveLogonRight і DenyInteractiveLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the RemoteInteractiveLogonRight and " +-#~ "DenyRemoteInteractiveLogonRight policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO засновано на параметрах захисту RemoteInteractiveLogonRight " +-#~ "і DenyRemoteInteractiveLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the NetworkLogonRight and " +-#~ "DenyNetworkLogonRight policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO засновано на параметрах захисту NetworkLogonRight і " +-#~ "DenyNetworkLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +-#~ "policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO засновано на параметрах захисту BatchLogonRight і " +-#~ "DenyBatchLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the ServiceLogonRight and " +-#~ "DenyServiceLogonRight policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO засновано на параметрах захисту ServiceLogonRight і " +-#~ "DenyServiceLogonRight." +- +-#~ msgid "" +-#~ "The KCM service is configured in the <quote>kcm</quote> section of the " +-#~ "sssd.conf file. Please note that currently, is it not sufficient to " +-#~ "restart the sssd-kcm service, because the sssd configuration is only " +-#~ "parsed and read to an internal configuration database by the sssd " +-#~ "service. Therefore you must restart the sssd service if you change " +-#~ "anything in the <quote>kcm</quote> section of sssd.conf. For a detailed " +-#~ "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +-#~ "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-#~ "manvolnum> </citerefentry> manual page." +-#~ msgstr "" +-#~ "Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</" +-#~ "quote> файла sssd.conf. Будь ласка, зауважте, що у поточній версії для " +-#~ "застосування налаштувань перезапуску служби sssd-kcm недостатньо, " +-#~ "оскільки обробка і читання налаштувань sssd до внутрішньої бази даних " +-#~ "налаштувань виконується лише самою службою sssd. Тому вам слід " +-#~ "перезапустити вашу службу sssd, якщо ви щось змінили у розділі " +-#~ "<quote>kcm</quote> файла sssd.conf. Докладний опис синтаксису файла " +-#~ "налаштувань наведено у розділі <quote>ФОРМАТ ФАЙЛА</quote> сторінки " +-#~ "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#~ "<manvolnum>5</manvolnum> </citerefentry>." +diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po +index cca30a82f..3170fb6a2 100644 +--- a/src/man/po/zh_CN.po ++++ b/src/man/po/zh_CN.po +@@ -6,9 +6,9 @@ + # Christopher Meng <cickumqt@gmail.com>, 2012 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:16+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" +@@ -301,9 +301,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -323,16 +323,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -361,7 +361,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -659,8 +659,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -769,10 +769,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: sha256" +-msgstr "默认: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1742,7 +1740,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1806,7 +1804,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1871,8 +1869,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5041,34 +5039,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5076,14 +5093,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5091,17 +5108,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5111,12 +5128,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5124,17 +5141,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5142,7 +5172,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5153,7 +5183,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5162,7 +5192,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5170,26 +5200,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5197,7 +5227,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5205,7 +5235,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5213,41 +5243,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5256,32 +5286,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5289,24 +5319,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5314,17 +5344,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5335,24 +5365,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5363,12 +5393,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5381,7 +5411,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5393,17 +5423,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5411,49 +5441,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5461,28 +5491,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5494,7 +5524,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5502,7 +5532,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5510,39 +5540,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5552,7 +5582,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5560,26 +5590,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5587,7 +5617,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5595,31 +5625,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5628,56 +5658,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5693,12 +5723,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5707,14 +5737,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5723,24 +5753,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5748,19 +5778,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5769,7 +5799,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5777,7 +5807,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5786,7 +5816,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5794,22 +5824,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5819,14 +5849,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5839,12 +5869,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5854,7 +5884,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5864,63 +5894,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5929,74 +5959,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6007,7 +6037,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6015,24 +6045,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6049,12 +6079,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6062,36 +6092,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6099,14 +6129,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6116,101 +6146,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6219,59 +6249,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6280,22 +6310,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6304,14 +6334,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6319,7 +6349,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6332,27 +6362,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6368,13 +6398,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7904,7 +7934,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7919,7 +7949,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7934,12 +7964,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7960,12 +7990,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7989,17 +8019,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8007,7 +8037,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8034,7 +8064,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8047,12 +8077,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8071,60 +8101,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8238,26 +8268,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9697,9 +9727,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9709,19 +9755,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9731,12 +9777,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9744,7 +9790,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9759,7 +9805,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9768,7 +9814,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9776,7 +9822,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9786,7 +9832,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13905,10 +13951,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 64" +-msgstr "默认: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13924,10 +13968,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 65536" +-msgstr "默认: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15430,10 +15472,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "服务部分" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +-- +2.20.1 + diff --git a/SOURCES/0017-sbus_server-stylistic-rename.patch b/SOURCES/0017-sbus_server-stylistic-rename.patch new file mode 100644 index 0000000..40d597d --- /dev/null +++ b/SOURCES/0017-sbus_server-stylistic-rename.patch @@ -0,0 +1,43 @@ +From faa5dbf6f716bd4ac0a3020a28a1ee6fbf74654a Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Thu, 23 Jan 2020 17:22:28 +0100 +Subject: [PATCH 17/23] sbus_server: stylistic rename +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Renamed sbus_server_name_remove_from_table() to +sbus_server_name_remove_from_table_cb() to keep naming consistent +with other functions used as `hash_delete_callback` argument of +sss_ptr_hash_create() + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/sbus/server/sbus_server.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/sbus/server/sbus_server.c b/src/sbus/server/sbus_server.c +index 5405dae56..2b9327051 100644 +--- a/src/sbus/server/sbus_server.c ++++ b/src/sbus/server/sbus_server.c +@@ -584,7 +584,7 @@ sbus_server_name_lost(struct sbus_server *server, + } + + static void +-sbus_server_name_remove_from_table(hash_entry_t *item, ++sbus_server_name_remove_from_table_cb(hash_entry_t *item, + hash_destroy_enum type, + void *pvt) + { +@@ -676,7 +676,7 @@ sbus_server_create(TALLOC_CTX *mem_ctx, + } + + sbus_server->names = sss_ptr_hash_create(sbus_server, +- sbus_server_name_remove_from_table, sbus_server); ++ sbus_server_name_remove_from_table_cb, sbus_server); + if (sbus_server->names == NULL) { + ret = ENOMEM; + goto done; +-- +2.20.1 + diff --git a/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch b/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch new file mode 100644 index 0000000..25254a6 --- /dev/null +++ b/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch @@ -0,0 +1,91 @@ +From adc7730a4e1b9721c93863a1b283457e9c02a3c5 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Thu, 23 Jan 2020 17:55:24 +0100 +Subject: [PATCH 18/23] sss_ptr_hash: don't keep empty sss_ptr_hash_delete_data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There is no need to allocate memory for `sss_ptr_hash_delete_data` +if table user doesn't provide custom delete callback. + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/util/sss_ptr_hash.c | 36 ++++++++++++++++++++---------------- + 1 file changed, 20 insertions(+), 16 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index 8f9762cb9..f8addec1e 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -138,12 +138,6 @@ sss_ptr_hash_delete_cb(hash_entry_t *item, + struct sss_ptr_hash_value *value; + struct hash_entry_t callback_entry; + +- data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data); +- if (data == NULL) { +- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n"); +- return; +- } +- + value = talloc_get_type(item->value.ptr, struct sss_ptr_hash_value); + if (value == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value!\n"); +@@ -157,8 +151,14 @@ sss_ptr_hash_delete_cb(hash_entry_t *item, + /* Free value, this also will disable spy */ + talloc_free(value); + +- /* Switch to the input value and call custom callback. */ +- if (data->callback != NULL) { ++ if (pvt != NULL) { ++ /* Switch to the input value and call custom callback. */ ++ data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data); ++ if (data == NULL) { ++ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n"); ++ return; ++ } ++ + data->callback(&callback_entry, deltype, data->pvt); + } + } +@@ -167,17 +167,19 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + hash_delete_callback *del_cb, + void *del_cb_pvt) + { +- struct sss_ptr_hash_delete_data *data; ++ struct sss_ptr_hash_delete_data *data = NULL; + hash_table_t *table; + errno_t ret; + +- data = talloc_zero(NULL, struct sss_ptr_hash_delete_data); +- if (data == NULL) { +- return NULL; +- } ++ if (del_cb != NULL) { ++ data = talloc_zero(NULL, struct sss_ptr_hash_delete_data); ++ if (data == NULL) { ++ return NULL; ++ } + +- data->callback = del_cb; +- data->pvt = del_cb_pvt; ++ data->callback = del_cb; ++ data->pvt = del_cb_pvt; ++ } + + ret = sss_hash_create_ex(mem_ctx, 10, &table, 0, 0, 0, 0, + sss_ptr_hash_delete_cb, data); +@@ -188,7 +190,9 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + return NULL; + } + +- talloc_steal(table, data); ++ if (data != NULL) { ++ talloc_steal(table, data); ++ } + + return table; + } +-- +2.20.1 + diff --git a/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch b/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch new file mode 100644 index 0000000..b56423a --- /dev/null +++ b/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch @@ -0,0 +1,62 @@ +From d0eb88089b059bfe2da3bd1a3797b89d69119c29 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Thu, 23 Jan 2020 19:00:27 +0100 +Subject: [PATCH 19/23] sss_ptr_hash: sss_ptr_hash_delete fix/optimization +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + - no reason to skip hash_delete() just because sss_ptr_hash_lookup_internal() +failed + - avoid excessive lookup if it is not required to free payload + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/util/sss_ptr_hash.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index f8addec1e..7326244e6 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -331,20 +331,21 @@ void sss_ptr_hash_delete(hash_table_t *table, + struct sss_ptr_hash_value *value; + hash_key_t table_key; + int hret; +- void *ptr; ++ void *payload; + + if (table == NULL || key == NULL) { + return; + } + +- value = sss_ptr_hash_lookup_internal(table, key); +- if (value == NULL) { +- /* Value not found. */ +- return; ++ if (free_value) { ++ value = sss_ptr_hash_lookup_internal(table, key); ++ if (value == NULL) { ++ free_value = false; ++ } else { ++ payload = value->ptr; ++ } + } + +- ptr = value->ptr; +- + table_key.type = HASH_KEY_STRING; + table_key.str = discard_const_p(char, key); + +@@ -357,7 +358,7 @@ void sss_ptr_hash_delete(hash_table_t *table, + + /* Also free the original value if requested. */ + if (free_value) { +- talloc_free(ptr); ++ talloc_free(payload); + } + + return; +-- +2.20.1 + diff --git a/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch b/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch new file mode 100644 index 0000000..b5a8ee4 --- /dev/null +++ b/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch @@ -0,0 +1,35 @@ +From 8cc2ce4e9060a71d441a377008fb2f567baa5d92 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Thu, 23 Jan 2020 20:07:41 +0100 +Subject: [PATCH 20/23] sss_ptr_hash: removed redundant check +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +`sss_ptr_hash_check_type()` call would take care of this case. + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/util/sss_ptr_hash.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index 7326244e6..bf111a613 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -268,12 +268,6 @@ sss_ptr_hash_lookup_internal(hash_table_t *table, + return NULL; + } + +- /* This may happen if we are in delete callback +- * and we try to search the hash table. */ +- if (table_value.ptr == NULL) { +- return NULL; +- } +- + if (!sss_ptr_hash_check_type(table_value.ptr, "struct sss_ptr_hash_value")) { + return NULL; + } +-- +2.20.1 + diff --git a/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch b/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch new file mode 100644 index 0000000..a9a9d8e --- /dev/null +++ b/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch @@ -0,0 +1,53 @@ +From 4bc0c2c7833dd643fc1137daf6519670c05c3736 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Thu, 23 Jan 2020 21:11:16 +0100 +Subject: [PATCH 21/23] sss_ptr_hash: fixed memory leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case `override` check was failed in _sss_ptr_hash_add() +`value` was leaking. +Fixed to do `override` check before value allocation. + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/util/sss_ptr_hash.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index bf111a613..114b6edeb 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -217,21 +217,21 @@ errno_t _sss_ptr_hash_add(hash_table_t *table, + return ERR_INVALID_DATA_TYPE; + } + ++ table_key.type = HASH_KEY_STRING; ++ table_key.str = discard_const_p(char, key); ++ ++ if (override == false && hash_has_key(table, &table_key)) { ++ return EEXIST; ++ } ++ + value = sss_ptr_hash_value_create(table, key, talloc_ptr); + if (value == NULL) { + return ENOMEM; + } + +- table_key.type = HASH_KEY_STRING; +- table_key.str = discard_const_p(char, key); +- + table_value.type = HASH_VALUE_PTR; + table_value.ptr = value; + +- if (override == false && hash_has_key(table, &table_key)) { +- return EEXIST; +- } +- + hret = hash_enter(table, &table_key, &table_value); + if (hret != HASH_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add key %s!\n", key); +-- +2.20.1 + diff --git a/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch b/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch new file mode 100644 index 0000000..c58fbd8 --- /dev/null +++ b/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch @@ -0,0 +1,366 @@ +From 0bb1289252eec972ea26721a92adc7db47383f76 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Fri, 24 Jan 2020 23:57:39 +0100 +Subject: [PATCH 22/23] sss_ptr_hash: internal refactoring +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +sss_ptr_hash code was refactored: + - got rid of a "spy" to make logic cleaner + - table got destructor to wipe its content + - described some usage limitation in the documentation + +And resolves: https://pagure.io/SSSD/sssd/issue/4135 + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/util/sss_ptr_hash.c | 183 +++++++++++++++++----------------------- + src/util/sss_ptr_hash.h | 17 +++- + 2 files changed, 91 insertions(+), 109 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index 114b6edeb..6409236c7 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -39,67 +39,35 @@ static bool sss_ptr_hash_check_type(void *ptr, const char *type) + return true; + } + ++static int sss_ptr_hash_table_destructor(hash_table_t *table) ++{ ++ sss_ptr_hash_delete_all(table, false); ++ return 0; ++} ++ + struct sss_ptr_hash_delete_data { + hash_delete_callback *callback; + void *pvt; + }; + + struct sss_ptr_hash_value { +- struct sss_ptr_hash_spy *spy; +- void *ptr; +-}; +- +-struct sss_ptr_hash_spy { +- struct sss_ptr_hash_value *value; + hash_table_t *table; + const char *key; ++ void *payload; + }; + +-static int +-sss_ptr_hash_spy_destructor(struct sss_ptr_hash_spy *spy) +-{ +- spy->value->spy = NULL; +- +- /* This results in removing entry from hash table and freeing the value. */ +- sss_ptr_hash_delete(spy->table, spy->key, false); +- +- return 0; +-} +- +-static struct sss_ptr_hash_spy * +-sss_ptr_hash_spy_create(TALLOC_CTX *mem_ctx, +- hash_table_t *table, +- const char *key, +- struct sss_ptr_hash_value *value) +-{ +- struct sss_ptr_hash_spy *spy; +- +- spy = talloc_zero(mem_ctx, struct sss_ptr_hash_spy); +- if (spy == NULL) { +- DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n"); +- return NULL; +- } +- +- spy->key = talloc_strdup(spy, key); +- if (spy->key == NULL) { +- talloc_free(spy); +- return NULL; +- } +- +- spy->table = table; +- spy->value = value; +- talloc_set_destructor(spy, sss_ptr_hash_spy_destructor); +- +- return spy; +-} +- + static int + sss_ptr_hash_value_destructor(struct sss_ptr_hash_value *value) + { +- if (value->spy != NULL) { +- /* Disable spy destructor and free it. */ +- talloc_set_destructor(value->spy, NULL); +- talloc_zfree(value->spy); ++ hash_key_t table_key; ++ ++ if (value->table && value->key) { ++ table_key.type = HASH_KEY_STRING; ++ table_key.str = discard_const_p(char, value->key); ++ if (hash_delete(value->table, &table_key) != HASH_SUCCESS) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "failed to delete entry with key '%s'\n", value->key); ++ } + } + + return 0; +@@ -112,18 +80,19 @@ sss_ptr_hash_value_create(hash_table_t *table, + { + struct sss_ptr_hash_value *value; + +- value = talloc_zero(table, struct sss_ptr_hash_value); ++ value = talloc_zero(talloc_ptr, struct sss_ptr_hash_value); + if (value == NULL) { + return NULL; + } + +- value->spy = sss_ptr_hash_spy_create(talloc_ptr, table, key, value); +- if (value->spy == NULL) { ++ value->key = talloc_strdup(value, key); ++ if (value->key == NULL) { + talloc_free(value); + return NULL; + } + +- value->ptr = talloc_ptr; ++ value->table = table; ++ value->payload = talloc_ptr; + talloc_set_destructor(value, sss_ptr_hash_value_destructor); + + return value; +@@ -138,29 +107,31 @@ sss_ptr_hash_delete_cb(hash_entry_t *item, + struct sss_ptr_hash_value *value; + struct hash_entry_t callback_entry; + ++ if (pvt == NULL) { ++ return; ++ } ++ + value = talloc_get_type(item->value.ptr, struct sss_ptr_hash_value); + if (value == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value!\n"); + return; + } + ++ /* Switch to the input value and call custom callback. */ ++ data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data); ++ if (data == NULL) { ++ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n"); ++ return; ++ } ++ + callback_entry.key = item->key; + callback_entry.value.type = HASH_VALUE_PTR; +- callback_entry.value.ptr = value->ptr; +- +- /* Free value, this also will disable spy */ +- talloc_free(value); +- +- if (pvt != NULL) { +- /* Switch to the input value and call custom callback. */ +- data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data); +- if (data == NULL) { +- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n"); +- return; +- } +- +- data->callback(&callback_entry, deltype, data->pvt); +- } ++ callback_entry.value.ptr = value->payload; ++ /* Even if execution is already in the context of ++ * talloc_free(payload) -> talloc_free(value) -> ... ++ * there still might be legitimate reasons to execute callback. ++ */ ++ data->callback(&callback_entry, deltype, data->pvt); + } + + hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, +@@ -194,6 +165,8 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + talloc_steal(table, data); + } + ++ talloc_set_destructor(table, sss_ptr_hash_table_destructor); ++ + return table; + } + +@@ -282,15 +255,15 @@ void *_sss_ptr_hash_lookup(hash_table_t *table, + struct sss_ptr_hash_value *value; + + value = sss_ptr_hash_lookup_internal(table, key); +- if (value == NULL || value->ptr == NULL) { ++ if (value == NULL || value->payload == NULL) { + return NULL; + } + +- if (!sss_ptr_hash_check_type(value->ptr, type)) { ++ if (!sss_ptr_hash_check_type(value->payload, type)) { + return NULL; + } + +- return value->ptr; ++ return value->payload; + } + + void *_sss_ptr_get_value(hash_value_t *table_value, +@@ -311,11 +284,11 @@ void *_sss_ptr_get_value(hash_value_t *table_value, + + value = table_value->ptr; + +- if (!sss_ptr_hash_check_type(value->ptr, type)) { ++ if (!sss_ptr_hash_check_type(value->payload, type)) { + return NULL; + } + +- return value->ptr; ++ return value->payload; + } + + void sss_ptr_hash_delete(hash_table_t *table, +@@ -323,74 +296,70 @@ void sss_ptr_hash_delete(hash_table_t *table, + bool free_value) + { + struct sss_ptr_hash_value *value; +- hash_key_t table_key; +- int hret; +- void *payload; ++ void *payload = NULL; + + if (table == NULL || key == NULL) { + return; + } + +- if (free_value) { +- value = sss_ptr_hash_lookup_internal(table, key); +- if (value == NULL) { +- free_value = false; +- } else { +- payload = value->ptr; +- } +- } +- +- table_key.type = HASH_KEY_STRING; +- table_key.str = discard_const_p(char, key); +- +- /* Delete table entry. This will free value and spy in delete callback. */ +- hret = hash_delete(table, &table_key); +- if (hret != HASH_SUCCESS && hret != HASH_ERROR_KEY_NOT_FOUND) { +- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to remove key from table [%d]\n", +- hret); ++ value = sss_ptr_hash_lookup_internal(table, key); ++ if (value == NULL) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Unable to remove key '%s' from table\n", key); ++ return; + } + +- /* Also free the original value if requested. */ + if (free_value) { +- talloc_free(payload); ++ payload = value->payload; + } + ++ talloc_free(value); /* this will call hash_delete() in value d-tor */ ++ ++ talloc_free(payload); /* it is safe to call talloc_free(NULL) */ ++ + return; + } + + void sss_ptr_hash_delete_all(hash_table_t *table, + bool free_values) + { ++ hash_value_t *content; + struct sss_ptr_hash_value *value; +- hash_value_t *values; ++ void *payload = NULL; + unsigned long count; + unsigned long i; + int hret; +- void *ptr; + + if (table == NULL) { + return; + } + +- hret = hash_values(table, &count, &values); ++ hret = hash_values(table, &count, &content); + if (hret != HASH_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get values [%d]\n", hret); + return; + } + +- for (i = 0; i < count; i++) { +- value = values[i].ptr; +- ptr = value->ptr; +- +- /* This will remove the entry from hash table and free value. */ +- talloc_free(value->spy); +- +- if (free_values) { +- /* Also free the original value. */ +- talloc_free(ptr); ++ for (i = 0; i < count; ++i) { ++ if ((content[i].type == HASH_VALUE_PTR) && ++ sss_ptr_hash_check_type(content[i].ptr, ++ "struct sss_ptr_hash_value")) { ++ value = content[i].ptr; ++ if (free_values) { ++ payload = value->payload; ++ } ++ talloc_free(value); ++ if (free_values) { ++ talloc_free(payload); /* it's safe to call talloc_free(NULL) */ ++ } ++ } else { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Unexpected type of table content, skipping"); + } + } + ++ talloc_free(content); ++ + return; + } + +diff --git a/src/util/sss_ptr_hash.h b/src/util/sss_ptr_hash.h +index 56bb19a65..0889b171a 100644 +--- a/src/util/sss_ptr_hash.h ++++ b/src/util/sss_ptr_hash.h +@@ -28,7 +28,19 @@ + + /** + * Create a new hash table with string key and talloc pointer value with +- * possible delete callback. ++ * possible custom delete callback @del_cb. ++ * Table will have destructor setup to wipe content. ++ * Never call hash_destroy(table) and hash_delete() explicitly but rather ++ * use talloc_free(table) and sss_ptr_hash_delete(). ++ * ++ * A notes about @del_cb: ++ * - this callback must never modify hash table (i.e. add/del entries); ++ * - this callback is triggered when value is either explicitly removed ++ * from the table or simply freed (latter leads to removal of an entry ++ * from the table); ++ * - this callback is also triggered for every entry when table is freed ++ * entirely. In this case (deltype == HASH_TABLE_DESTROY) any table ++ * lookups / iteration are forbidden as table might be already invalidated. + */ + hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + hash_delete_callback *del_cb, +@@ -41,7 +53,8 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + * the value is overridden. Otherwise EEXIST error is returned. + * + * If talloc_ptr is freed the key and value are automatically +- * removed from the hash table. ++ * removed from the hash table (del_cb that was set up during ++ * table creation is executed as a first step of this removal). + * + * @return EOK If the <@key, @talloc_ptr> pair was inserted. + * @return EEXIST If @key already exists and @override is false. +-- +2.20.1 + diff --git a/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch b/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch new file mode 100644 index 0000000..1640cf7 --- /dev/null +++ b/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch @@ -0,0 +1,266 @@ +From 88b23bf50dd1c12413f3314639de2c3909bd9098 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Tue, 28 Jan 2020 19:26:08 +0100 +Subject: [PATCH 23/23] TESTS: added sss_ptr_hash unit test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + Makefile.am | 1 + + src/tests/cmocka/test_sss_ptr_hash.c | 193 +++++++++++++++++++++++++++ + src/tests/cmocka/test_utils.c | 9 ++ + src/tests/cmocka/test_utils.h | 6 + + 4 files changed, 209 insertions(+) + create mode 100644 src/tests/cmocka/test_sss_ptr_hash.c + +diff --git a/Makefile.am b/Makefile.am +index 57ba51356..c991f2aa0 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -3054,6 +3054,7 @@ test_ipa_idmap_LDADD = \ + test_utils_SOURCES = \ + src/tests/cmocka/test_utils.c \ + src/tests/cmocka/test_string_utils.c \ ++ src/tests/cmocka/test_sss_ptr_hash.c \ + src/p11_child/p11_child_common_utils.c \ + $(NULL) + if BUILD_SSH +diff --git a/src/tests/cmocka/test_sss_ptr_hash.c b/src/tests/cmocka/test_sss_ptr_hash.c +new file mode 100644 +index 000000000..1458238f5 +--- /dev/null ++++ b/src/tests/cmocka/test_sss_ptr_hash.c +@@ -0,0 +1,193 @@ ++/* ++ Copyright (C) 2020 Red Hat ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see <http://www.gnu.org/licenses/>. ++*/ ++ ++#include "tests/cmocka/common_mock.h" ++#include "util/sss_ptr_hash.h" ++ ++static const int MAX_ENTRIES_AMOUNT = 5; ++ ++static void populate_table(hash_table_t *table, int **payloads) ++{ ++ char key[2] = {'z', 0}; ++ ++ for (int i = 0; i < MAX_ENTRIES_AMOUNT; ++i) { ++ payloads[i] = talloc_zero(global_talloc_context, int); ++ assert_non_null(payloads[i]); ++ *payloads[i] = i; ++ key[0] = '0'+(char)i; ++ assert_int_equal(sss_ptr_hash_add(table, key, payloads[i], int), 0); ++ } ++ ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT); ++} ++ ++static void free_payload_cb(hash_entry_t *item, hash_destroy_enum type, void *pvt) ++{ ++ int *counter; ++ ++ assert_non_null(item); ++ assert_non_null(item->value.ptr); ++ talloc_zfree(item->value.ptr); ++ ++ assert_non_null(pvt); ++ counter = (int *)pvt; ++ (*counter)++; ++} ++ ++void test_sss_ptr_hash_with_free_cb(void **state) ++{ ++ hash_table_t *table; ++ int free_counter = 0; ++ int *payloads[MAX_ENTRIES_AMOUNT]; ++ ++ table = sss_ptr_hash_create(global_talloc_context, ++ free_payload_cb, ++ &free_counter); ++ assert_non_null(table); ++ ++ populate_table(table, payloads); ++ ++ /* check explicit removal from the hash */ ++ sss_ptr_hash_delete(table, "1", false); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1); ++ assert_int_equal(free_counter, 1); ++ ++ /* check implicit removal triggered by payload deletion */ ++ talloc_free(payloads[3]); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2); ++ assert_int_equal(free_counter, 2); ++ ++ /* try to remove non existent entry */ ++ sss_ptr_hash_delete(table, "q", false); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2); ++ assert_int_equal(free_counter, 2); ++ ++ /* clear all */ ++ sss_ptr_hash_delete_all(table, false); ++ assert_int_equal((int)hash_count(table), 0); ++ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT); ++ ++ /* check that table is still operable */ ++ populate_table(table, payloads); ++ sss_ptr_hash_delete(table, "2", false); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1); ++ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT+1); ++ ++ talloc_free(table); ++ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT*2); ++} ++ ++struct table_wrapper ++{ ++ hash_table_t **table; ++}; ++ ++static void lookup_cb(hash_entry_t *item, hash_destroy_enum type, void *pvt) ++{ ++ hash_table_t *table; ++ hash_key_t *keys; ++ unsigned long count; ++ int *value = NULL; ++ int sum = 0; ++ ++ assert_non_null(pvt); ++ table = *((struct table_wrapper *)pvt)->table; ++ assert_non_null(table); ++ ++ if (type == HASH_TABLE_DESTROY) { ++ /* table is being destroyed */ ++ return; ++ } ++ ++ assert_int_equal(hash_keys(table, &count, &keys), HASH_SUCCESS); ++ for (unsigned int i = 0; i < count; ++i) { ++ assert_int_equal(keys[i].type, HASH_KEY_STRING); ++ value = sss_ptr_hash_lookup(table, keys[i].c_str, int); ++ assert_non_null(value); ++ sum += *value; ++ } ++ DEBUG(SSSDBG_TRACE_ALL, "sum of all values = %d\n", sum); ++ talloc_free(keys); ++} ++ ++/* main difference with `test_sss_ptr_hash_with_free_cb()` ++ * is that table cb here doesn't delete payload so ++ * this is requested via `free_value(s)` arg ++ */ ++void test_sss_ptr_hash_with_lookup_cb(void **state) ++{ ++ hash_table_t *table; ++ struct table_wrapper wrapper; ++ int *payloads[MAX_ENTRIES_AMOUNT]; ++ ++ wrapper.table = &table; ++ table = sss_ptr_hash_create(global_talloc_context, ++ lookup_cb, ++ &wrapper); ++ assert_non_null(table); ++ ++ populate_table(table, payloads); ++ ++ /* check explicit removal from the hash */ ++ sss_ptr_hash_delete(table, "2", true); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1); ++ ++ /* check implicit removal triggered by payload deletion */ ++ talloc_free(payloads[0]); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2); ++ ++ /* clear all */ ++ sss_ptr_hash_delete_all(table, true); ++ assert_int_equal((int)hash_count(table), 0); ++ /* teardown function shall verify there are no leaks ++ * on global_talloc_context and so that payloads[] were freed ++ */ ++ ++ /* check that table is still operable */ ++ populate_table(table, payloads); ++ ++ talloc_free(table); ++ /* d-tor triggers hash_destroy() but since cb here doesn free payload ++ * this should be done manually ++ */ ++ for (int i = 0; i < MAX_ENTRIES_AMOUNT; ++i) { ++ talloc_free(payloads[i]); ++ } ++} ++ ++/* Just smoke test to verify that absence of cb doesn't break anything */ ++void test_sss_ptr_hash_without_cb(void **state) ++{ ++ hash_table_t *table; ++ int *payloads[MAX_ENTRIES_AMOUNT]; ++ ++ table = sss_ptr_hash_create(global_talloc_context, NULL, NULL); ++ assert_non_null(table); ++ ++ populate_table(table, payloads); ++ ++ sss_ptr_hash_delete(table, "4", true); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1); ++ ++ talloc_free(payloads[1]); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2); ++ ++ sss_ptr_hash_delete_all(table, true); ++ assert_int_equal((int)hash_count(table), 0); ++ ++ talloc_free(table); ++} +diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c +index 666f32903..c5eda4dd2 100644 +--- a/src/tests/cmocka/test_utils.c ++++ b/src/tests/cmocka/test_utils.c +@@ -2055,6 +2055,15 @@ int main(int argc, const char *argv[]) + cmocka_unit_test_setup_teardown(test_sss_get_domain_mappings_content, + setup_dom_list_with_subdomains, + teardown_dom_list), ++ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_with_free_cb, ++ setup_leak_tests, ++ teardown_leak_tests), ++ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_with_lookup_cb, ++ setup_leak_tests, ++ teardown_leak_tests), ++ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_without_cb, ++ setup_leak_tests, ++ teardown_leak_tests), + }; + + /* Set debug level to invalid value so we can decide if -d 0 was used. */ +diff --git a/src/tests/cmocka/test_utils.h b/src/tests/cmocka/test_utils.h +index e93e0da25..44b9479f9 100644 +--- a/src/tests/cmocka/test_utils.h ++++ b/src/tests/cmocka/test_utils.h +@@ -33,4 +33,10 @@ void test_guid_blob_to_string_buf(void **state); + void test_get_last_x_chars(void **state); + void test_concatenate_string_array(void **state); + ++/* from src/tests/cmocka/test_sss_ptr_hash.c */ ++void test_sss_ptr_hash_with_free_cb(void **state); ++void test_sss_ptr_hash_with_lookup_cb(void **state); ++void test_sss_ptr_hash_without_cb(void **state); ++ ++ + #endif /* __TESTS__CMOCKA__TEST_UTILS_H__ */ +-- +2.20.1 + diff --git a/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch b/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch new file mode 100644 index 0000000..e31740a --- /dev/null +++ b/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch @@ -0,0 +1,86 @@ +From 7b647338a40d701c6a5bb51c48c10a31a6b72699 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Thu, 30 Jan 2020 13:14:14 +0100 +Subject: [PATCH 24/25] p11_child: check if card is present in wait_for_card() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some implementations of C_WaitForSlotEvent() might return even if no +card was inserted. So it has to be checked if a card is really present. + +Resolves: https://pagure.io/SSSD/sssd/issue/4159 + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/p11_child/p11_child_openssl.c | 47 ++++++++++++++++--------------- + 1 file changed, 25 insertions(+), 22 deletions(-) + +diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c +index 56601b117..295715612 100644 +--- a/src/p11_child/p11_child_openssl.c ++++ b/src/p11_child/p11_child_openssl.c +@@ -1546,35 +1546,38 @@ static errno_t wait_for_card(CK_FUNCTION_LIST *module, CK_SLOT_ID *slot_id) + CK_RV rv; + CK_SLOT_INFO info; + +- rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL); +- if (rv != CKR_OK) { +- if (rv != CKR_FUNCTION_NOT_SUPPORTED) { ++ do { ++ rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL); ++ if (rv != CKR_OK && rv != CKR_FUNCTION_NOT_SUPPORTED) { + DEBUG(SSSDBG_OP_FAILURE, + "C_WaitForSlotEvent failed [%lu][%s].\n", + rv, p11_kit_strerror(rv)); + return EIO; + } + +- /* Poor man's wait */ +- do { ++ if (rv == CKR_FUNCTION_NOT_SUPPORTED) { ++ /* Poor man's wait */ + sleep(10); +- rv = module->C_GetSlotInfo(*slot_id, &info); +- if (rv != CKR_OK) { +- DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n"); +- return EIO; +- } +- DEBUG(SSSDBG_TRACE_ALL, +- "Description [%s] Manufacturer [%s] flags [%lu] " +- "removable [%s] token present [%s].\n", +- info.slotDescription, info.manufacturerID, info.flags, +- (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false", +- (info.flags & CKF_TOKEN_PRESENT) ? "true": "false"); +- if ((info.flags & CKF_REMOVABLE_DEVICE) +- && (info.flags & CKF_TOKEN_PRESENT)) { +- break; +- } +- } while (true); +- } ++ } ++ ++ rv = module->C_GetSlotInfo(*slot_id, &info); ++ if (rv != CKR_OK) { ++ DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n"); ++ return EIO; ++ } ++ DEBUG(SSSDBG_TRACE_ALL, ++ "Description [%s] Manufacturer [%s] flags [%lu] " ++ "removable [%s] token present [%s].\n", ++ info.slotDescription, info.manufacturerID, info.flags, ++ (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false", ++ (info.flags & CKF_TOKEN_PRESENT) ? "true": "false"); ++ ++ /* Check if really a token is present */ ++ if ((info.flags & CKF_REMOVABLE_DEVICE) ++ && (info.flags & CKF_TOKEN_PRESENT)) { ++ break; ++ } ++ } while (true); + + return EOK; + } +-- +2.20.1 + diff --git a/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch b/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch new file mode 100644 index 0000000..0127ff5 --- /dev/null +++ b/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch @@ -0,0 +1,37 @@ +From 37780b895199bab991edae6b1eeb91b7b3966bcf Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Thu, 6 Feb 2020 14:50:23 +0100 +Subject: [PATCH 25/25] PAM client: only require UID 0 for private socket +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some privileged services like e.g. gdm might only call with UID 0 but +with a different GID. This patch removes the GID 0 requirement to access +to private PAM socket so that e.g. gdm can use the wait-for-card option. + +Resolves: https://pagure.io/SSSD/sssd/issue/4159 + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/sss_client/common.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/sss_client/common.c b/src/sss_client/common.c +index 270ca8b54..902438c86 100644 +--- a/src/sss_client/common.c ++++ b/src/sss_client/common.c +@@ -910,8 +910,8 @@ int sss_pam_make_request(enum sss_cli_command cmd, + goto out; + } + +- /* only root shall use the privileged pipe */ +- if (getuid() == 0 && getgid() == 0) { ++ /* only UID 0 shall use the privileged pipe */ ++ if (getuid() == 0) { + socket_name = SSS_PAM_PRIV_SOCKET_NAME; + errno = 0; + statret = stat(socket_name, &stat_buf); +-- +2.20.1 + diff --git a/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch b/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch new file mode 100644 index 0000000..3901ba0 --- /dev/null +++ b/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch @@ -0,0 +1,209 @@ +From f9b3c0d1009da8d8dbe273c38d6725100789e57b Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Wed, 8 Jan 2020 13:46:22 +0100 +Subject: [PATCH 26/27] ssh: do not mix different certificate lists +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There was a list of binary certificates and a list with base64 encoded +ones which might be different depending on the active matching rules. +Only the base64 one with the filtered results should be used. + +Related to https://pagure.io/SSSD/sssd/issue/4121 + +Reviewed-by: Tomáš Halman <thalman@redhat.com> +--- + src/tests/cmocka/test_cert_utils.c | 80 +++++++++++++++++++++++++++ + src/util/cert.h | 3 + + src/util/cert/cert_common.c | 20 +++++++ + src/util/cert/cert_common_p11_child.c | 12 ++-- + 4 files changed, 108 insertions(+), 7 deletions(-) + +diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c +index 325e49f00..c2c9ca270 100644 +--- a/src/tests/cmocka/test_cert_utils.c ++++ b/src/tests/cmocka/test_cert_utils.c +@@ -711,6 +711,84 @@ void test_cert_to_ssh_2keys_with_certmap_send(void **state) + talloc_free(ev); + } + ++void test_cert_to_ssh_2keys_with_certmap_2_done(struct tevent_req *req) ++{ ++ int ret; ++ struct test_state *ts = tevent_req_callback_data(req, struct test_state); ++ struct ldb_val *keys; ++ uint8_t *exp_key; ++ size_t exp_key_size; ++ size_t valid_keys; ++ ++ assert_non_null(ts); ++ ts->done = true; ++ ++ ret = cert_to_ssh_key_recv(req, ts, &keys, &valid_keys); ++ talloc_free(req); ++ assert_int_equal(ret, 0); ++ assert_non_null(keys[0].data); ++ assert_int_equal(valid_keys, 1); ++ ++ exp_key = sss_base64_decode(ts, SSSD_TEST_CERT_SSH_KEY_0002, &exp_key_size); ++ assert_non_null(exp_key); ++ assert_int_equal(keys[0].length, exp_key_size); ++ assert_memory_equal(keys[0].data, exp_key, exp_key_size); ++ talloc_free(exp_key); ++ ++ talloc_free(keys); ++ sss_certmap_free_ctx(ts->sss_certmap_ctx); ++} ++ ++void test_cert_to_ssh_2keys_with_certmap_2_send(void **state) ++{ ++ int ret; ++ struct tevent_context *ev; ++ struct tevent_req *req; ++ struct ldb_val val[2]; ++ ++ struct test_state *ts = talloc_get_type_abort(*state, struct test_state); ++ assert_non_null(ts); ++ ts->done = false; ++ ++ ret = sss_certmap_init(ts, NULL, NULL, &ts->sss_certmap_ctx); ++ assert_int_equal(ret, EOK); ++ ++ ret = sss_certmap_add_rule(ts->sss_certmap_ctx, -1, ++ "<SUBJECT>CN=SSSD test cert 0002,.*", NULL, ++ NULL); ++ assert_int_equal(ret, EOK); ++ ++ val[0].data = sss_base64_decode(ts, SSSD_TEST_CERT_0001, ++ &val[0].length); ++ assert_non_null(val[0].data); ++ ++ val[1].data = sss_base64_decode(ts, SSSD_TEST_CERT_0002, ++ &val[1].length); ++ assert_non_null(val[1].data); ++ ++ ev = tevent_context_init(ts); ++ assert_non_null(ev); ++ ++ req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT, ++#ifdef HAVE_NSS ++ "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb", ++#else ++ ABS_BUILD_DIR "/src/tests/test_CA/SSSD_test_CA.pem", ++#endif ++ ts->sss_certmap_ctx, 2, &val[0], NULL); ++ assert_non_null(req); ++ ++ tevent_req_set_callback(req, test_cert_to_ssh_2keys_with_certmap_2_done, ts); ++ ++ while (!ts->done) { ++ tevent_loop_once(ev); ++ } ++ ++ talloc_free(val[0].data); ++ talloc_free(val[1].data); ++ talloc_free(ev); ++} ++ + int main(int argc, const char *argv[]) + { + poptContext pc; +@@ -746,6 +824,8 @@ int main(int argc, const char *argv[]) + setup, teardown), + cmocka_unit_test_setup_teardown(test_cert_to_ssh_2keys_with_certmap_send, + setup, teardown), ++ cmocka_unit_test_setup_teardown(test_cert_to_ssh_2keys_with_certmap_2_send, ++ setup, teardown), + #endif + }; + +diff --git a/src/util/cert.h b/src/util/cert.h +index e0d44e3d6..d038a99f6 100644 +--- a/src/util/cert.h ++++ b/src/util/cert.h +@@ -52,6 +52,9 @@ errno_t get_ssh_key_from_cert(TALLOC_CTX *mem_ctx, + uint8_t *der_blob, size_t der_size, + uint8_t **key_blob, size_t *key_size); + ++errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64, ++ uint8_t **key_blob, size_t *key_size); ++ + struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + int child_debug_fd, time_t timeout, +diff --git a/src/util/cert/cert_common.c b/src/util/cert/cert_common.c +index 766877089..511fddd4d 100644 +--- a/src/util/cert/cert_common.c ++++ b/src/util/cert/cert_common.c +@@ -206,3 +206,23 @@ done: + + return ret; + } ++ ++errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64, ++ uint8_t **key_blob, size_t *key_size) ++{ ++ int ret; ++ uint8_t *der_blob; ++ size_t der_size; ++ ++ der_blob = sss_base64_decode(mem_ctx, derb64, &der_size); ++ if (der_blob == NULL) { ++ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n"); ++ return EIO; ++ } ++ ++ ret = get_ssh_key_from_cert(mem_ctx, der_blob, der_size, ++ key_blob, key_size); ++ talloc_free(der_blob); ++ ++ return ret; ++} +diff --git a/src/util/cert/cert_common_p11_child.c b/src/util/cert/cert_common_p11_child.c +index 80c10eff1..1846ff89a 100644 +--- a/src/util/cert/cert_common_p11_child.c ++++ b/src/util/cert/cert_common_p11_child.c +@@ -28,7 +28,6 @@ struct cert_to_ssh_key_state { + time_t timeout; + const char **extra_args; + const char **certs; +- struct ldb_val *bin_certs; + struct ldb_val *keys; + size_t cert_count; + size_t iter; +@@ -74,7 +73,6 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, + state->child_debug_fd = (child_debug_fd == -1) ? STDERR_FILENO + : child_debug_fd; + state->timeout = timeout; +- state->bin_certs = bin_certs; + state->io = talloc(state, struct child_io_fds); + if (state->io == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc failed.\n"); +@@ -138,6 +136,7 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, + ret = EINVAL; + goto done; + } ++ + state->cert_count++; + } + +@@ -289,11 +288,10 @@ static void cert_to_ssh_key_done(int child_status, + if (valid) { + DEBUG(SSSDBG_TRACE_LIBS, "Certificate [%s] is valid.\n", + state->certs[state->iter]); +- ret = get_ssh_key_from_cert(state->keys, +- state->bin_certs[state->iter].data, +- state->bin_certs[state->iter].length, +- &state->keys[state->iter].data, +- &state->keys[state->iter].length); ++ ret = get_ssh_key_from_derb64(state->keys, ++ state->certs[state->iter], ++ &state->keys[state->iter].data, ++ &state->keys[state->iter].length); + if (ret == EOK) { + state->valid_keys++; + } else { +-- +2.20.1 + diff --git a/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch b/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch new file mode 100644 index 0000000..32bacee --- /dev/null +++ b/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch @@ -0,0 +1,314 @@ +From 849d495ea948e75ecb4ea469c9f8db4a740a2377 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Fri, 7 Feb 2020 20:32:45 +0100 +Subject: [PATCH 27/27] ssh: add 'no_rules' and 'all_rules' to + ssh_use_certificate_matching_rules +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +To make ssh_use_certificate_matching_rules option more flexible and +predictable the keywords 'all_rules' and 'no_rules' are added. +'no_rules' can be used to allow all certificates. + +If rules names are given but no matching rules can be found this is +considered an error and no ssh keys will be derived from the +certificates. + +Related to https://pagure.io/SSSD/sssd/issue/4121 + +Reviewed-by: Tomáš Halman <thalman@redhat.com> +--- + src/man/sssd.conf.5.xml | 16 +++-- + src/responder/ssh/ssh_cmd.c | 33 ++++++--- + src/responder/ssh/ssh_private.h | 1 + + src/responder/ssh/ssh_reply.c | 8 +++ + src/tests/cmocka/test_ssh_srv.c | 122 +++++++++++++++++++++++++++++++- + 5 files changed, 165 insertions(+), 15 deletions(-) + +diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml +index ef07c43d3..f71fbf4aa 100644 +--- a/src/man/sssd.conf.5.xml ++++ b/src/man/sssd.conf.5.xml +@@ -1760,12 +1760,20 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2 + will be ignored. + </para> + <para> +- If a non-existing rule name is given all rules will +- be ignored and all available certificates will be +- used to derive ssh keys. ++ There are two special key words 'all_rules' and ++ 'no_rules' which will enable all or no rules, ++ respectively. The latter means that no certificates ++ will be filtered out and ssh keys will be generated ++ from all valid certificates. + </para> + <para> +- Default: not set, all found rules are used ++ A non-existing rule name is considered an error. ++ If as a result no rule is selected all certificates ++ will be ignored. ++ </para> ++ <para> ++ Default: not set, equivalent to 'all_rules, ++ all found rules are used + </para> + </listitem> + </varlistentry> +diff --git a/src/responder/ssh/ssh_cmd.c b/src/responder/ssh/ssh_cmd.c +index 09f9b73b6..d1e7c667b 100644 +--- a/src/responder/ssh/ssh_cmd.c ++++ b/src/responder/ssh/ssh_cmd.c +@@ -157,10 +157,26 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + size_t c; + int ret; + bool rule_added; ++ bool all_rules = false; ++ bool no_rules = false; ++ ++ ssh_ctx->cert_rules_error = false; ++ ++ if (ssh_ctx->cert_rules == NULL || ssh_ctx->cert_rules[0] == NULL) { ++ all_rules = true; ++ } else if (ssh_ctx->cert_rules[0] != NULL ++ && ssh_ctx->cert_rules[1] == NULL) { ++ if (strcmp(ssh_ctx->cert_rules[0], "all_rules") == 0) { ++ all_rules = true; ++ } else if (strcmp(ssh_ctx->cert_rules[0], "no_rules") == 0) { ++ no_rules = true; ++ } ++ } + + if (!ssh_ctx->use_cert_keys + || ssh_ctx->certmap_last_read +- >= ssh_ctx->rctx->get_domains_last_call.tv_sec) { ++ >= ssh_ctx->rctx->get_domains_last_call.tv_sec ++ || no_rules) { + DEBUG(SSSDBG_TRACE_ALL, "No certmap update needed.\n"); + return EOK; + } +@@ -180,9 +196,8 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + + for (c = 0; certmap_list[c] != NULL; c++) { + +- if (ssh_ctx->cert_rules != NULL +- && !string_in_list(certmap_list[c]->name, +- ssh_ctx->cert_rules, true)) { ++ if (!all_rules && !string_in_list(certmap_list[c]->name, ++ ssh_ctx->cert_rules, true)) { + DEBUG(SSSDBG_TRACE_ALL, "Skipping matching rule [%s], it is " + "not listed in the ssh_use_certificate_matching_rules " + "option.\n", certmap_list[c]->name); +@@ -212,11 +227,12 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + } + + if (!rule_added) { +- DEBUG(SSSDBG_TRACE_ALL, +- "No matching rule added, all certificates will be used.\n"); ++ DEBUG(SSSDBG_CONF_SETTINGS, ++ "No matching rule added, please check " ++ "ssh_use_certificate_matching_rules option values for typos .\n"); + +- sss_certmap_free_ctx(sss_certmap_ctx); +- sss_certmap_ctx = NULL; ++ ret = EINVAL; ++ goto done; + } + + ret = EOK; +@@ -228,6 +244,7 @@ done: + ssh_ctx->certmap_last_read = ssh_ctx->rctx->get_domains_last_call.tv_sec; + } else { + sss_certmap_free_ctx(sss_certmap_ctx); ++ ssh_ctx->cert_rules_error = true; + } + + return ret; +diff --git a/src/responder/ssh/ssh_private.h b/src/responder/ssh/ssh_private.h +index 76a1aead3..028ccd616 100644 +--- a/src/responder/ssh/ssh_private.h ++++ b/src/responder/ssh/ssh_private.h +@@ -40,6 +40,7 @@ struct ssh_ctx { + time_t certmap_last_read; + struct sss_certmap_ctx *sss_certmap_ctx; + char **cert_rules; ++ bool cert_rules_error; + }; + + struct sss_cmd_table *get_ssh_cmds(void); +diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c +index 1200a3a36..97914266d 100644 +--- a/src/responder/ssh/ssh_reply.c ++++ b/src/responder/ssh/ssh_reply.c +@@ -196,6 +196,14 @@ struct tevent_req *ssh_get_output_keys_send(TALLOC_CTX *mem_ctx, + goto done; + } + ++ if (state->ssh_ctx->cert_rules_error) { ++ DEBUG(SSSDBG_CONF_SETTINGS, ++ "Skipping keys from certificates because there was an error " ++ "while processing matching rules.\n"); ++ ret = EOK; ++ goto done; ++ } ++ + ret = confdb_get_string(cli_ctx->rctx->cdb, state, + CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_CERT_VERIFICATION, NULL, +diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c +index 45915f681..fc43663a7 100644 +--- a/src/tests/cmocka/test_ssh_srv.c ++++ b/src/tests/cmocka/test_ssh_srv.c +@@ -712,6 +712,120 @@ void test_ssh_user_pubkey_cert_with_rule(void **state) + assert_int_equal(ret, EOK); + } + ++void test_ssh_user_pubkey_cert_with_all_rules(void **state) ++{ ++ int ret; ++ struct sysdb_attrs *attrs; ++ /* Both rules are enabled, both certificates should be handled. */ ++ const char *rule_list[] = { "all_rules", NULL }; ++ struct certmap_info *certmap_list[] = { &rule_1, &rule_2, NULL}; ++ ++ attrs = sysdb_new_attrs(ssh_test_ctx); ++ assert_non_null(attrs); ++ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0001); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0002); ++ assert_int_equal(ret, EOK); ++ ++ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom, ++ ssh_test_ctx->ssh_user_fqdn, ++ attrs, ++ LDB_FLAG_MOD_ADD); ++ talloc_free(attrs); ++ assert_int_equal(ret, EOK); ++ ++ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn); ++ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ ++ /* Enable certificate support */ ++ ssh_test_ctx->ssh_ctx->use_cert_keys = true; ++ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = certmap_list; ++ ssh_test_ctx->ssh_ctx->certmap_last_read = 0; ++ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1; ++ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list); ++#ifdef HAVE_NSS ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR ++ "/src/tests/test_CA/p11_nssdb"); ++#else ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR ++ "/src/tests/test_CA/SSSD_test_CA.pem"); ++#endif ++ ++ set_cmd_cb(test_ssh_user_pubkey_cert_check); ++ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS, ++ ssh_test_ctx->ssh_cmds); ++ assert_int_equal(ret, EOK); ++ ++ /* Wait until the test finishes with EOK */ ++ ret = test_ev_loop(ssh_test_ctx->tctx); ++ assert_int_equal(ret, EOK); ++} ++ ++void test_ssh_user_pubkey_cert_with_no_rules(void **state) ++{ ++ int ret; ++ struct sysdb_attrs *attrs; ++ /* No rules should be used, both certificates should be handled. */ ++ const char *rule_list[] = { "no_rules", NULL }; ++ struct certmap_info *certmap_list[] = { &rule_1, &rule_2, NULL}; ++ ++ attrs = sysdb_new_attrs(ssh_test_ctx); ++ assert_non_null(attrs); ++ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0001); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0002); ++ assert_int_equal(ret, EOK); ++ ++ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom, ++ ssh_test_ctx->ssh_user_fqdn, ++ attrs, ++ LDB_FLAG_MOD_ADD); ++ talloc_free(attrs); ++ assert_int_equal(ret, EOK); ++ ++ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn); ++ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ ++ /* Enable certificate support */ ++ ssh_test_ctx->ssh_ctx->use_cert_keys = true; ++ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = certmap_list; ++ ssh_test_ctx->ssh_ctx->certmap_last_read = 0; ++ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1; ++ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list); ++#ifdef HAVE_NSS ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR ++ "/src/tests/test_CA/p11_nssdb"); ++#else ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR ++ "/src/tests/test_CA/SSSD_test_CA.pem"); ++#endif ++ ++ set_cmd_cb(test_ssh_user_pubkey_cert_check); ++ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS, ++ ssh_test_ctx->ssh_cmds); ++ assert_int_equal(ret, EOK); ++ ++ /* Wait until the test finishes with EOK */ ++ ret = test_ev_loop(ssh_test_ctx->tctx); ++ assert_int_equal(ret, EOK); ++} ++ + void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state) + { + int ret; +@@ -743,8 +857,6 @@ void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state) + will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); +- will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); +- will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + + /* Enable certificate support */ + ssh_test_ctx->ssh_ctx->use_cert_keys = true; +@@ -760,7 +872,7 @@ void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state) + "/src/tests/test_CA/SSSD_test_CA.pem"); + #endif + +- set_cmd_cb(test_ssh_user_pubkey_cert_check); ++ set_cmd_cb(test_ssh_user_one_pubkey_check); + ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS, + ssh_test_ctx->ssh_cmds); + assert_int_equal(ret, EOK); +@@ -852,6 +964,10 @@ int main(int argc, const char *argv[]) + ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_rule, + ssh_test_setup, ssh_test_teardown), ++ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules, ++ ssh_test_setup, ssh_test_teardown), ++ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_no_rules, ++ ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_unknow_rule_name, + ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_rule_1, +-- +2.20.1 + diff --git a/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch b/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch new file mode 100644 index 0000000..32b7d65 --- /dev/null +++ b/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch @@ -0,0 +1,50 @@ +From 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac Mon Sep 17 00:00:00 2001 +From: Simo Sorce <simo@redhat.com> +Date: Tue, 10 Sep 2019 14:33:37 +0000 +Subject: [PATCH] Add TCP level timeout to LDAP services + +In some cases the TCP connection may hang with data sent because +of network conditions, this may cause the socket to stall for much +longer than the timeout intended. +Set a TCP option to forcibly timeout a socket that sees its data not +ACKed within the ldap_network_timeout seconds. + +Signed-off-by: Simo Sorce <simo@redhat.com> + +Reviewed-by: Sumit Bose <sbose@redhat.com> +--- + src/util/sss_sockets.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c +index 0e4d8df8a..b6b6dbac5 100644 +--- a/src/util/sss_sockets.c ++++ b/src/util/sss_sockets.c +@@ -79,6 +79,7 @@ static errno_t set_fd_common_opts(int fd, int timeout) + int dummy = 1; + int ret; + struct timeval tv; ++ unsigned int milli; + + /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but + * failures are ignored.*/ +@@ -117,6 +118,16 @@ static errno_t set_fd_common_opts(int fd, int timeout) + "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret, + strerror(ret)); + } ++ ++ milli = timeout * 1000; /* timeout in milliseconds */ ++ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli, ++ sizeof(milli)); ++ if (ret != 0) { ++ ret = errno; ++ DEBUG(SSSDBG_FUNC_DATA, ++ "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret, ++ strerror(ret)); ++ } + } + + return EOK; +-- +2.21.1 + diff --git a/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch b/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch new file mode 100644 index 0000000..967a1c3 --- /dev/null +++ b/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch @@ -0,0 +1,46 @@ +From 5b87af6f5b50c464ee7ea4558f73431e398e1423 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> +Date: Mon, 10 Feb 2020 11:52:35 +0100 +Subject: [PATCH] sss_sockets: pass pointer instead of integer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +``` +/home/pbrezina/workspace/sssd/src/util/sss_sockets.c: In function ‘set_fd_common_opts’: +/home/pbrezina/workspace/sssd/src/util/sss_sockets.c:123:61: error: passing argument 4 of ‘setsockopt’ makes pointer from integer without a cast [-Werror=int-conversion] + 123 | ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli, + | ^~~~~ + | | + | unsigned int +In file included from /home/pbrezina/workspace/sssd/src/util/sss_sockets.c:28: +/usr/include/sys/socket.h:216:22: note: expected ‘const void *’ but argument is of type ‘unsigned int’ + 216 | const void *__optval, socklen_t __optlen) __THROW; + | ~~~~~~~~~~~~^~~~~~~~ + CC src/util/sssd_kcm-sss_iobuf.o +cc1: all warnings being treated as errors +``` + +Introduced by 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac + +Reviewed-by: Sumit Bose <sbose@redhat.com> +--- + src/util/sss_sockets.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c +index b6b6dbac5..6f2b71bc8 100644 +--- a/src/util/sss_sockets.c ++++ b/src/util/sss_sockets.c +@@ -120,7 +120,7 @@ static errno_t set_fd_common_opts(int fd, int timeout) + } + + milli = timeout * 1000; /* timeout in milliseconds */ +- ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli, ++ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, + sizeof(milli)); + if (ret != 0) { + ret = errno; +-- +2.21.1 + diff --git a/SOURCES/0030-ssh-fix-matching-rules-default.patch b/SOURCES/0030-ssh-fix-matching-rules-default.patch new file mode 100644 index 0000000..ec3e047 --- /dev/null +++ b/SOURCES/0030-ssh-fix-matching-rules-default.patch @@ -0,0 +1,235 @@ +From 6f7f15691b071cefd4e04a9fee44af580b6c502b Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Mon, 9 Mar 2020 13:39:47 +0100 +Subject: [PATCH] ssh: fix matching rules default +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before the ssh_use_certificate_matching_rules option was added the ssh +responder returned ssh keys derived from all valid certificates. Since +the default of the ssh_use_certificate_matching_rules option is +'all_rules' in a case where no matching rules are defined all +certificated will be filtered out and no ssh keys are returned. + +The intention of the default was to allow the same same certificates +which are allowed in the PAM responder for authentication. The missing +default matching rule which is currently use by the PAM responder if no +other rules are available is added by this patch. + +There might still be a small regression in case certificates without the +extended key usage (EKU) clientAuth were used for ssh. In this case +'ssh_use_certificate_matching_rules = no_rules' or a suitable matching +rule must be added to the configuration. + +Related to https://pagure.io/SSSD/sssd/issue/4121 + +Reviewed-by: Tomáš Halman <thalman@redhat.com> +--- + src/man/sssd.conf.5.xml | 9 ++++- + src/responder/pam/pam_helpers.h | 2 ++ + src/responder/pam/pamsrv_p11.c | 3 +- + src/responder/ssh/ssh_cmd.c | 30 +++++++++++++---- + src/tests/cmocka/test_ssh_srv.c | 58 +++++++++++++++++++++++++++++++++ + 5 files changed, 93 insertions(+), 9 deletions(-) + +diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml +index 58383579c..a2567f5ac 100644 +--- a/src/man/sssd.conf.5.xml ++++ b/src/man/sssd.conf.5.xml +@@ -1766,6 +1766,13 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2 + will be filtered out and ssh keys will be generated + from all valid certificates. + </para> ++ <para> ++ If no rules are configured using 'all_rules' will ++ enable a default rule which enables all ++ certificates suitable for client authentication. ++ This is the same behavior as for the PAM responder ++ if certificate authentication is enabled. ++ </para> + <para> + A non-existing rule name is considered an error. + If as a result no rule is selected all certificates +@@ -1773,7 +1780,7 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2 + </para> + <para> + Default: not set, equivalent to 'all_rules, +- all found rules are used ++ all found rules or the default rule are used + </para> + </listitem> + </varlistentry> +diff --git a/src/responder/pam/pam_helpers.h b/src/responder/pam/pam_helpers.h +index 614389706..23fd308bb 100644 +--- a/src/responder/pam/pam_helpers.h ++++ b/src/responder/pam/pam_helpers.h +@@ -25,6 +25,8 @@ + + #include "util/util.h" + ++#define CERT_AUTH_DEFAULT_MATCHING_RULE "KRB5:<EKU>clientAuth" ++ + errno_t pam_initgr_cache_set(struct tevent_context *ev, + hash_table_t *id_table, + char *name, +diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c +index 0dc53a826..8e276b200 100644 +--- a/src/responder/pam/pamsrv_p11.c ++++ b/src/responder/pam/pamsrv_p11.c +@@ -26,13 +26,12 @@ + #include "util/child_common.h" + #include "util/strtonum.h" + #include "responder/pam/pamsrv.h" ++#include "responder/pam/pam_helpers.h" + #include "lib/certmap/sss_certmap.h" + #include "util/crypto/sss_crypto.h" + #include "db/sysdb.h" + + +-#define CERT_AUTH_DEFAULT_MATCHING_RULE "KRB5:<EKU>clientAuth" +- + struct cert_auth_info { + char *cert; + char *token_name; +diff --git a/src/responder/ssh/ssh_cmd.c b/src/responder/ssh/ssh_cmd.c +index e42e29bfd..a593c904f 100644 +--- a/src/responder/ssh/ssh_cmd.c ++++ b/src/responder/ssh/ssh_cmd.c +@@ -29,6 +29,7 @@ + #include "responder/common/responder.h" + #include "responder/common/cache_req/cache_req.h" + #include "responder/ssh/ssh_private.h" ++#include "responder/pam/pam_helpers.h" + #include "lib/certmap/sss_certmap.h" + + struct ssh_cmd_ctx { +@@ -159,6 +160,7 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + bool rule_added; + bool all_rules = false; + bool no_rules = false; ++ bool rules_present = false; + + ssh_ctx->cert_rules_error = false; + +@@ -195,6 +197,7 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + } + + for (c = 0; certmap_list[c] != NULL; c++) { ++ rules_present = true; + + if (!all_rules && !string_in_list(certmap_list[c]->name, + ssh_ctx->cert_rules, true)) { +@@ -227,12 +230,27 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + } + + if (!rule_added) { +- DEBUG(SSSDBG_CONF_SETTINGS, +- "No matching rule added, please check " +- "ssh_use_certificate_matching_rules option values for typos .\n"); +- +- ret = EINVAL; +- goto done; ++ if (!rules_present) { ++ DEBUG(SSSDBG_TRACE_FUNC, ++ "No rules available, trying to add default matching rule.\n"); ++ ret = sss_certmap_add_rule(sss_certmap_ctx, SSS_CERTMAP_MIN_PRIO, ++ CERT_AUTH_DEFAULT_MATCHING_RULE, ++ NULL, NULL); ++ if (ret != 0) { ++ DEBUG(SSSDBG_OP_FAILURE, ++ "Failed to add default matching rule [%d][%s].\n", ++ ret, sss_strerror(ret)); ++ goto done; ++ } ++ } else { ++ DEBUG(SSSDBG_CONF_SETTINGS, ++ "No matching rule added, please check " ++ "ssh_use_certificate_matching_rules option values for " ++ "typos.\n"); ++ ++ ret = EINVAL; ++ goto done; ++ } + } + + ret = EOK; +diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c +index fc43663a7..a48013416 100644 +--- a/src/tests/cmocka/test_ssh_srv.c ++++ b/src/tests/cmocka/test_ssh_srv.c +@@ -769,6 +769,62 @@ void test_ssh_user_pubkey_cert_with_all_rules(void **state) + assert_int_equal(ret, EOK); + } + ++void test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present(void **state) ++{ ++ int ret; ++ struct sysdb_attrs *attrs; ++ /* Both rules are enabled, both certificates should be handled. */ ++ const char *rule_list[] = { "all_rules", NULL }; ++ ++ attrs = sysdb_new_attrs(ssh_test_ctx); ++ assert_non_null(attrs); ++ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0001); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0002); ++ assert_int_equal(ret, EOK); ++ ++ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom, ++ ssh_test_ctx->ssh_user_fqdn, ++ attrs, ++ LDB_FLAG_MOD_ADD); ++ talloc_free(attrs); ++ assert_int_equal(ret, EOK); ++ ++ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn); ++ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ ++ /* Enable certificate support */ ++ ssh_test_ctx->ssh_ctx->use_cert_keys = true; ++ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = NULL; ++ ssh_test_ctx->ssh_ctx->certmap_last_read = 0; ++ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1; ++ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list); ++#ifdef HAVE_NSS ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR ++ "/src/tests/test_CA/p11_nssdb"); ++#else ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR ++ "/src/tests/test_CA/SSSD_test_CA.pem"); ++#endif ++ ++ set_cmd_cb(test_ssh_user_pubkey_cert_check); ++ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS, ++ ssh_test_ctx->ssh_cmds); ++ assert_int_equal(ret, EOK); ++ ++ /* Wait until the test finishes with EOK */ ++ ret = test_ev_loop(ssh_test_ctx->tctx); ++ assert_int_equal(ret, EOK); ++} ++ + void test_ssh_user_pubkey_cert_with_no_rules(void **state) + { + int ret; +@@ -966,6 +1022,8 @@ int main(int argc, const char *argv[]) + ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules, + ssh_test_setup, ssh_test_teardown), ++ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present, ++ ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_no_rules, + ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_unknow_rule_name, +-- +2.21.1 + diff --git a/SOURCES/0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec b/SOURCES/0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec new file mode 100644 index 0000000..f24afe3 --- /dev/null +++ b/SOURCES/0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec @@ -0,0 +1,26 @@ +From 8d38a4b28ab7af15406b244910f369ba1aff02db Mon Sep 17 00:00:00 2001 +From: Jakub Hrozek <jhrozek@redhat.com> +Date: Thu, 30 Oct 2014 15:59:17 +0100 +Subject: [PATCH 93/93] NOUPSTREAM: Default to root if sssd user is not + specified + +--- + src/monitor/monitor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c +index 0dea327213a1ad04b6f69c0ffb0fb87254420796..20b4aef4ee94fd42de1585d7d7c2e01ea01845ac 100644 +--- a/src/monitor/monitor.c ++++ b/src/monitor/monitor.c +@@ -925,7 +925,7 @@ static int get_service_user(struct mt_ctx *ctx) + + ret = confdb_get_string(ctx->cdb, ctx, CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_USER_RUNAS, +- SSSD_USER, &user_str); ++ "root", &user_str); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get the user to run as\n"); + return ret; +-- +1.9.3 + diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec new file mode 100644 index 0000000..52bd737 --- /dev/null +++ b/SPECS/sssd.spec @@ -0,0 +1,3026 @@ +# we don't want to provide private python extension libs +%define __provides_exclude_from %{python3_sitearch}/.*\.so$|%{_libdir}/%{name}/modules/libwbclient.so.*$ + +# SSSD fails to build with -Wl,-z,defs +%undefine _strict_symbol_defs_build + +%define _hardened_build 1 + +%global install_pcscd_polkit_rule 1 + +# Determine the location of the LDB modules directory +%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb) +%global ldb_version 1.2.0 + +%global enable_systemtap 1 + %global enable_systemtap_opt --enable-systemtap + +%global libwbc_alternatives_version 0.14 +%global libwbc_lib_version %{libwbc_alternatives_version}.0 +%global libwbc_alternatives_suffix %nil +%if 0%{?__isa_bits} == 64 +%global libwbc_alternatives_suffix -64 +%endif + +Name: sssd +Version: 2.2.3 +Release: 20%{?dist} +Group: Applications/System +Summary: System Security Services Daemon +License: GPLv3+ +URL: https://pagure.io/SSSD/sssd/ +Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz + +### Patches ### +Patch0001: 0001-INI-sssctl-config-check-command-error-messages.patch +Patch0002: 0002-certmap-mention-special-regex-characters-in-man-page.patch +Patch0003: 0003-ldap_child-do-not-try-PKINIT.patch +Patch0004: 0004-util-watchdog-fixed-watchdog-implementation.patch +Patch0005: 0005-providers-krb5-got-rid-of-unused-code.patch +Patch0006: 0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch +Patch0007: 0007-util-server-improved-debug-at-shutdown.patch +Patch0008: 0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch +Patch0009: 0009-sdap-Add-randomness-to-ldap-connection-timeout.patch +Patch0010: 0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch +Patch0011: 0011-ad-add-ad_use_ldaps.patch +Patch0012: 0012-ldap-add-new-option-ldap_sasl_maxssf.patch +Patch0013: 0013-ad-set-min-and-max-ssf-for-ldaps.patch +Patch0014: 0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch +Patch0015: 0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch +Patch0016: 0016-zanata-Pulled-new-translations.patch +Patch0017: 0017-sbus_server-stylistic-rename.patch +Patch0018: 0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch +Patch0019: 0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch +Patch0020: 0020-sss_ptr_hash-removed-redundant-check.patch +Patch0021: 0021-sss_ptr_hash-fixed-memory-leak.patch +Patch0022: 0022-sss_ptr_hash-internal-refactoring.patch +Patch0023: 0023-TESTS-added-sss_ptr_hash-unit-test.patch +Patch0024: 0024-p11_child-check-if-card-is-present-in-wait_for_card.patch +Patch0025: 0025-PAM-client-only-require-UID-0-for-private-socket.patch +Patch0026: 0026-ssh-do-not-mix-different-certificate-lists.patch +Patch0027: 0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch +Patch0028: 0028-Add-TCP-level-timeout-to-LDAP-services.patch +Patch0029: 0029-sss_sockets-pass-pointer-instead-of-integer.patch +Patch0030: 0030-ssh-fix-matching-rules-default.patch + +### Downstream Patches ### + +#This patch should not be removed in RHEL-8 +Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec + +### Dependencies ### + +Requires: sssd-common = %{version}-%{release} +Requires: sssd-ldap = %{version}-%{release} +Requires: sssd-krb5 = %{version}-%{release} +Requires: sssd-ipa = %{version}-%{release} +Requires: sssd-ad = %{version}-%{release} +Recommends: sssd-proxy = %{version}-%{release} +Requires: python3-sssdconfig = %{version}-%{release} +Suggests: sssd-dbus = %{version}-%{release} + +%global servicename sssd +%global sssdstatedir %{_localstatedir}/lib/sss +%global dbpath %{sssdstatedir}/db +%global keytabdir %{sssdstatedir}/keytabs +%global pipepath %{sssdstatedir}/pipes +%global mcpath %{sssdstatedir}/mc +%global pubconfpath %{sssdstatedir}/pubconf +%global gpocachepath %{sssdstatedir}/gpo_cache +%global secdbpath %{sssdstatedir}/secrets +%global deskprofilepath %{sssdstatedir}/deskprofile + +### Build Dependencies ### + +BuildRequires: make +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: m4 +BuildRequires: gcc +BuildRequires: popt-devel +BuildRequires: libtalloc-devel +BuildRequires: libtevent-devel +BuildRequires: libtdb-devel +BuildRequires: libldb-devel >= %{ldb_version} +BuildRequires: libdhash-devel >= 0.4.2 +BuildRequires: libcollection-devel +BuildRequires: libini_config-devel >= 1.1 +BuildRequires: dbus-devel +BuildRequires: dbus-libs +BuildRequires: openldap-devel +BuildRequires: pam-devel +BuildRequires: nss-devel +BuildRequires: nspr-devel +BuildRequires: pcre-devel +BuildRequires: libxslt +BuildRequires: libxml2 +BuildRequires: docbook-style-xsl +BuildRequires: krb5-devel +BuildRequires: c-ares-devel +BuildRequires: python3-devel +BuildRequires: check-devel +BuildRequires: doxygen +BuildRequires: libselinux-devel +BuildRequires: libsemanage-devel +BuildRequires: bind-utils +BuildRequires: keyutils-libs-devel +BuildRequires: gettext-devel +BuildRequires: pkgconfig +BuildRequires: diffstat +BuildRequires: findutils +BuildRequires: glib2-devel +BuildRequires: selinux-policy-targeted +BuildRequires: libcmocka-devel >= 1.0.0 +BuildRequires: uid_wrapper +BuildRequires: nss_wrapper +BuildRequires: pam_wrapper +BuildRequires: p11-kit-devel +BuildRequires: openssl-devel +BuildRequires: gnutls-utils +BuildRequires: softhsm >= 2.1.0 +BuildRequires: openssl +BuildRequires: openssh +BuildRequires: libnl3-devel +BuildRequires: systemd-devel +BuildRequires: systemd +BuildRequires: cifs-utils-devel +BuildRequires: libnfsidmap-devel +BuildRequires: samba4-devel +BuildRequires: libsmbclient-devel +BuildRequires: samba-winbind +BuildRequires: systemtap-sdt-devel +BuildRequires: libuuid-devel +BuildRequires: jansson-devel +BuildRequires: gdm-pam-extensions-devel + +%description +Provides a set of daemons to manage access to remote directories and +authentication mechanisms. It provides an NSS and PAM interface toward +the system and a plug-gable back-end system to connect to multiple different +account sources. It is also the basis to provide client auditing and policy +services for projects like FreeIPA. + +The sssd sub-package is a meta-package that contains the daemon as well as all +the existing back ends. + +%package common +Summary: Common files for the SSSD +Group: Applications/System +License: GPLv3+ +# Conflicts +Conflicts: selinux-policy < 3.10.0-46 +Conflicts: sssd < 1.10.0-8%{?dist}.beta2 +# Requires +# Explicitly require RHEL-8.0 versions of the Samba libraries +# in order to prevent untested combinations of a new SSSD and +# older libraries. See e.g. rhbz#1593756 +Requires: libtalloc >= 2.1.14-1 +Requires: libtevent >= 0.9.37-1 +Requires: libldb >= 1.4.2-1 +Requires: libtdb >= 1.3.16-1 +# due to ABI changes in 1.1.30/1.2.0 +Requires: libldb >= %{ldb_version} +Requires: sssd-client%{?_isa} = %{version}-%{release} +Recommends: libsss_sudo = %{version}-%{release} +Recommends: libsss_autofs%{?_isa} = %{version}-%{release} +Recommends: sssd-nfs-idmap = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires(pre): shadow-utils +%{?systemd_requires} + +### Provides ### +Provides: libsss_sudo-devel = %{version}-%{release} +Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1 + +%description common +Common files for the SSSD. The common package includes all the files needed +to run a particular back end, however, the back ends are packaged in separate +sub-packages such as sssd-ldap. + +%package client +Summary: SSSD Client libraries for NSS and PAM +Group: Applications/System +License: LGPLv3+ +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +Requires(post): /usr/sbin/alternatives +Requires(preun): /usr/sbin/alternatives + +%description client +Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD +service. + +%package -n libsss_sudo +Summary: A library to allow communication between SUDO and SSSD +Group: Development/Libraries +License: LGPLv3+ +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_sudo +A utility library to allow communication between SUDO and SSSD + +%package -n libsss_autofs +Summary: A library to allow communication between Autofs and SSSD +Group: Development/Libraries +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_autofs +A utility library to allow communication between Autofs and SSSD + +%package tools +Summary: Userspace tools for use with the SSSD +Group: Applications/System +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +# required by sss_obfuscate +Requires: python3-sss = %{version}-%{release} +Requires: python3-sssdconfig = %{version}-%{release} +Recommends: sssd-dbus + +%description tools +Provides userspace tools for manipulating users, groups, and nested groups in +SSSD when using id_provider = local in /etc/sssd/sssd.conf. + +Also provides several other administrative tools: + * sss_debuglevel to change the debug level on the fly + * sss_seed which pre-creates a user entry for use in kickstarts + * sss_obfuscate for generating an obfuscated LDAP password + * sssctl -- an sssd status and control utility + +%package -n python3-sssdconfig +Summary: SSSD and IPA configuration file manipulation classes and functions +Group: Applications/System +License: GPLv3+ +BuildArch: noarch +%{?python_provide:%python_provide python3-sssdconfig} + +%description -n python3-sssdconfig +Provides python3 files for manipulation SSSD and IPA configuration files. + +%package -n python3-sss +Summary: Python3 bindings for sssd +Group: Development/Libraries +License: LGPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?python_provide:%python_provide python3-sss} + +%description -n python3-sss +Provides python3 module for manipulating users, groups, and nested groups in +SSSD when using id_provider = local in /etc/sssd/sssd.conf. + +Also provides several other useful python3 bindings: + * function for retrieving list of groups user belongs to. + * class for obfuscation of passwords + +%package -n python3-sss-murmur +Summary: Python3 bindings for murmur hash function +Group: Development/Libraries +License: LGPLv3+ +%{?python_provide:%python_provide python3-sss-murmur} + +%description -n python3-sss-murmur +Provides python3 module for calculating the murmur hash version 3 + +%package ldap +Summary: The LDAP back end of the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description ldap +Provides the LDAP back end that the SSSD can utilize to fetch identity data +from and authenticate against an LDAP server. + +%package krb5-common +Summary: SSSD helpers needed for Kerberos and GSSAPI authentication +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: cyrus-sasl-gssapi%{?_isa} +Requires: sssd-common = %{version}-%{release} +Requires(pre): shadow-utils + +%description krb5-common +Provides helper processes that the LDAP and Kerberos back ends can use for +Kerberos user or host authentication. + +%package krb5 +Summary: The Kerberos authentication back end for the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description krb5 +Provides the Kerberos back end that the SSSD can utilize authenticate +against a Kerberos server. + +%package common-pac +Summary: Common files needed for supporting PAC processing +Group: Applications/System +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} + +%description common-pac +Provides common files needed by SSSD providers such as IPA and Active Directory +for handling Kerberos PACs. + +%package ipa +Summary: The IPA back end of the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libipa_hbac%{?_isa} = %{version}-%{release} +Recommends: bind-utils +Requires: sssd-common-pac = %{version}-%{release} +Requires(pre): shadow-utils + +%description ipa +Provides the IPA back end that the SSSD can utilize to fetch identity data +from and authenticate against an IPA server. + +%package ad +Summary: The AD back end of the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: sssd-common-pac = %{version}-%{release} +Recommends: bind-utils +Recommends: adcli +Suggests: sssd-libwbclient = %{version}-%{release} +Suggests: sssd-winbind-idmap = %{version}-%{release} + +%description ad +Provides the Active Directory back end that the SSSD can utilize to fetch +identity data from and authenticate against an Active Directory server. + +%package proxy +Summary: The proxy back end of the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires(pre): shadow-utils + +%description proxy +Provides the proxy back end which can be used to wrap an existing NSS and/or +PAM modules to leverage SSSD caching. + +%package -n libsss_idmap +Summary: FreeIPA Idmap library +Group: Development/Libraries +License: LGPLv3+ +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libsss_idmap +Utility library to convert SIDs to Unix uids and gids + +%package -n libsss_idmap-devel +Summary: FreeIPA Idmap library +Group: Development/Libraries +License: LGPLv3+ +Requires: libsss_idmap = %{version}-%{release} + +%description -n libsss_idmap-devel +Utility library to SIDs to Unix uids and gids + +%package -n libipa_hbac +Summary: FreeIPA HBAC Evaluator library +Group: Development/Libraries +License: LGPLv3+ +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libipa_hbac +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package -n libipa_hbac-devel +Summary: FreeIPA HBAC Evaluator library +Group: Development/Libraries +License: LGPLv3+ +Requires: libipa_hbac = %{version}-%{release} + +%description -n libipa_hbac-devel +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package -n python3-libipa_hbac +Summary: Python3 bindings for the FreeIPA HBAC Evaluator library +Group: Development/Libraries +License: LGPLv3+ +Requires: libipa_hbac = %{version}-%{release} +%{?python_provide:%python_provide python3-libipa_hbac} + +%description -n python3-libipa_hbac +The python3-libipa_hbac contains the bindings so that libipa_hbac can be +used by Python applications. + +%package -n libsss_nss_idmap +Summary: Library for SID and certificate based lookups +Group: Development/Libraries +License: LGPLv3+ +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libsss_nss_idmap +Utility library for SID and certificate based lookups + +%package -n libsss_nss_idmap-devel +Summary: Library for SID and certificate based lookups +Group: Development/Libraries +License: LGPLv3+ +Requires: libsss_nss_idmap = %{version}-%{release} + +%description -n libsss_nss_idmap-devel +Utility library for SID and certificate based lookups + +%package -n python3-libsss_nss_idmap +Summary: Python3 bindings for libsss_nss_idmap +Group: Development/Libraries +License: LGPLv3+ +Requires: libsss_nss_idmap = %{version}-%{release} +%{?python_provide:%python_provide python3-libsss_nss_idmap} + +%description -n python3-libsss_nss_idmap +The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can +be used by Python applications. + +%package dbus +Summary: The D-Bus responder of the SSSD +Group: Applications/System +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?systemd_requires} + +%description dbus +Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows +the information from the SSSD to be transmitted over the system bus. + +%if (0%{?install_pcscd_polkit_rule} == 1) +%package polkit-rules +Summary: Rules for polkit integration for SSSD +Group: Applications/System +License: GPLv3+ +Requires: polkit >= 0.106 +Requires: sssd-common = %{version}-%{release} + +%description polkit-rules +Provides rules for polkit integration with SSSD. This is required +for smartcard support. +%endif + +%package -n libsss_simpleifp +Summary: The SSSD D-Bus responder helper library +Group: Development/Libraries +License: GPLv3+ +Requires: sssd-dbus = %{version}-%{release} +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libsss_simpleifp +Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + +%package -n libsss_simpleifp-devel +Summary: The SSSD D-Bus responder helper library +Group: Development/Libraries +License: GPLv3+ +Requires: dbus-devel +Requires: libsss_simpleifp = %{version}-%{release} + +%description -n libsss_simpleifp-devel +Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + +%package libwbclient +Summary: The SSSD libwbclient implementation +Group: Applications/System +License: GPLv3+ and LGPLv3+ +Conflicts: libwbclient < 4.2.0-0.2.rc2 +Conflicts: sssd-common < %{version}-%{release} + +%description libwbclient +The SSSD libwbclient implementation. + +%package libwbclient-devel +Summary: Development libraries for the SSSD libwbclient implementation +Group: Development/Libraries +License: GPLv3+ and LGPLv3+ +Requires: sssd-libwbclient = %{version}-%{release} +Conflicts: libwbclient-devel < 4.2.0-0.2.rc2 + +%description libwbclient-devel +Development libraries for the SSSD libwbclient implementation. + +%package winbind-idmap +Summary: SSSD's idmap_sss Backend for Winbind +Group: Applications/System +License: GPLv3+ and LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description winbind-idmap +The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs +and SIDs. + +%package nfs-idmap +Summary: SSSD plug-in for NFSv4 rpc.idmapd +Group: Applications/System +License: GPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description nfs-idmap +The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map +UIDs/GIDs to names and vice versa. It can be also used for mapping principal +(user) name to IDs(UID or GID) or to obtain groups which user are member of. + +%package -n libsss_certmap +Summary: SSSD Certificate Mapping Library +Group: Development/Libraries +License: LGPLv3+ +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_certmap +Library to map certificates to users based on rules + +%package -n libsss_certmap-devel +Summary: SSSD Certificate Mapping Library +Group: Development/Libraries +License: LGPLv3+ +Requires: libsss_certmap = %{version}-%{release} + +%description -n libsss_certmap-devel +Library to map certificates to users based on rules + +%package kcm +Summary: An implementation of a Kerberos KCM server +Group: Applications/System +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?systemd_requires} + +%description kcm +An implementation of a Kerberos KCM server. Use this package if you want to +use the KCM: Kerberos credentials cache. + +%prep +# Update timestamps on the files touched by a patch, to avoid non-equal +# .pyc/.pyo files across the multilib peers within a build, where "Level" +# is the patch prefix option (e.g. -p1) +# Taken from specfile for python-simplejson +UpdateTimestamps() { + Level=$1 + PatchFile=$2 + + # Locate the affected files: + for f in $(diffstat $Level -l $PatchFile); do + # Set the files to have the same timestamp as that of the patch: + touch -r $PatchFile $f + done +} + +%setup -q + +for p in %patches ; do + %__patch -p1 -i $p + UpdateTimestamps -p1 $p +done + +%build +autoreconf -ivf + +%configure \ + --with-test-dir=/dev/shm \ + --with-db-path=%{dbpath} \ + --with-mcache-path=%{mcpath} \ + --with-pipe-path=%{pipepath} \ + --with-pubconf-path=%{pubconfpath} \ + --with-gpo-cache-path=%{gpocachepath} \ + --with-init-dir=%{_initrddir} \ + --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \ + --enable-nsslibdir=%{_libdir} \ + --enable-pammoddir=%{_libdir}/security \ + --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ + --disable-static \ + --with-crypto=libcrypto \ + --disable-rpath \ + --with-initscript=systemd \ + --with-syslog=journald \ + --enable-sss-default-nss-plugin \ + --enable-files-domain \ + --without-python2-bindings \ + --with-sssd-user=sssd \ + %{?with_cifs_utils_plugin_option} \ + %{?enable_systemtap_opt} \ + + +make %{?_smp_mflags} all docs +make -C po ja.gmo +make -C po fr.gmo + +%check +export CK_TIMEOUT_MULTIPLIER=10 +make %{?_smp_mflags} check VERBOSE=yes +unset CK_TIMEOUT_MULTIPLIER + +%install + +sed -i -e 's:/usr/bin/python:%{__python3}:' src/tools/sss_obfuscate + +make install DESTDIR=$RPM_BUILD_ROOT + +if [ ! -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} ] +then + echo "Expected libwbclient version not found, please check if version has changed." + exit -1 +fi + +# Prepare language files +/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd + +# Copy default logrotate file +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d +install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd + +# Make sure SSSD is able to run on read-only root +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d +install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd + +# Kerberos KCM credential cache by default +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d +cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \ + $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache + +# Create directory for cifs-idmap alternative +# Otherwise this directory could not be owned by sssd-client +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils + +# Remove .la files created by libtool +find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \; + +# Suppress developer-only documentation +rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name} + +# Older versions of rpmbuild can only handle one -f option +# So we need to append to the sssd*.lang file +for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null` +do + echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang +done + +touch sssd.lang +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ + libsss_certmap sssd_kcm +do + touch $subpackage.lang +done + +for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"` +do + lang=`echo $man | cut -c 1-2` + case `basename $man` in + sss_cache*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + sss_ssh*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + sss_rpcidmapd*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang + ;; + sss_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + sssctl*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + sssd_krb5_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + pam_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + sssd-ldap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang + ;; + sssd-krb5*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang + ;; + sssd-ipa*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang + ;; + sssd-ad*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang + ;; + sssd-proxy*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang + ;; + sssd-ifp*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang + ;; + sssd-kcm*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang + ;; + idmap_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang + ;; + sss-certmap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang + ;; + *) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + esac +done + +# Print these to the rpmbuild log +echo "sssd.lang:" +cat sssd.lang + +echo "python3_sssdconfig.lang:" +cat python3_sssdconfig.lang + +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ + libsss_certmap sssd_kcm +do + echo "$subpackage.lang:" + cat $subpackage.lang +done + +%files +%defattr(-,root,root,-) +%license COPYING + +%files common -f sssd.lang +%defattr(-,root,root,-) +%license COPYING +%doc src/examples/sssd-example.conf +%{_sbindir}/sssd +%{_unitdir}/sssd.service +%{_unitdir}/sssd-autofs.socket +%{_unitdir}/sssd-autofs.service +%{_unitdir}/sssd-nss.socket +%{_unitdir}/sssd-nss.service +%{_unitdir}/sssd-pac.socket +%{_unitdir}/sssd-pac.service +%{_unitdir}/sssd-pam.socket +%{_unitdir}/sssd-pam-priv.socket +%{_unitdir}/sssd-pam.service +%{_unitdir}/sssd-ssh.socket +%{_unitdir}/sssd-ssh.service +%{_unitdir}/sssd-sudo.socket +%{_unitdir}/sssd-sudo.service + +%dir %{_libexecdir}/%{servicename} +%{_libexecdir}/%{servicename}/sssd_be +%{_libexecdir}/%{servicename}/sssd_nss +%{_libexecdir}/%{servicename}/sssd_pam +%{_libexecdir}/%{servicename}/sssd_autofs +%{_libexecdir}/%{servicename}/sssd_ssh +%{_libexecdir}/%{servicename}/sssd_sudo +%{_libexecdir}/%{servicename}/p11_child +%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders + +%dir %{_libdir}/%{name} +# The files provider is intentionally packaged in -common +%{_libdir}/%{name}/libsss_files.so +%{_libdir}/%{name}/libsss_simple.so + +#Internal shared libraries +%{_libdir}/%{name}/libsss_child.so +%{_libdir}/%{name}/libsss_crypt.so +%{_libdir}/%{name}/libsss_cert.so +%{_libdir}/%{name}/libsss_debug.so +%{_libdir}/%{name}/libsss_krb5_common.so +%{_libdir}/%{name}/libsss_ldap_common.so +%{_libdir}/%{name}/libsss_util.so +%{_libdir}/%{name}/libsss_semanage.so +%{_libdir}/%{name}/libifp_iface.so +%{_libdir}/%{name}/libifp_iface_sync.so +%{_libdir}/%{name}/libsss_iface.so +%{_libdir}/%{name}/libsss_iface_sync.so +%{_libdir}/%{name}/libsss_sbus.so +%{_libdir}/%{name}/libsss_sbus_sync.so + +%{ldb_modulesdir}/memberof.so +%{_bindir}/sss_ssh_authorizedkeys +%{_bindir}/sss_ssh_knownhostsproxy +%{_sbindir}/sss_cache +%{_libexecdir}/%{servicename}/sss_signal + +%dir %{sssdstatedir} +%dir %{_localstatedir}/cache/krb5rcache +%attr(700,sssd,sssd) %dir %{dbpath} +%attr(775,sssd,sssd) %dir %{mcpath} +%attr(700,root,root) %dir %{secdbpath} +%attr(751,root,root) %dir %{deskprofilepath} +%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd +%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group +%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups +%attr(755,sssd,sssd) %dir %{pipepath} +%attr(750,sssd,root) %dir %{pipepath}/private +%attr(755,sssd,sssd) %dir %{pubconfpath} +%attr(755,sssd,sssd) %dir %{gpocachepath} +%attr(750,sssd,sssd) %dir %{_var}/log/%{name} +%attr(700,sssd,sssd) %dir %{_sysconfdir}/sssd +%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd/conf.d +%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki +%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf +%dir %{_sysconfdir}/logrotate.d +%config(noreplace) %{_sysconfdir}/logrotate.d/sssd +%dir %{_sysconfdir}/rwtab.d +%config(noreplace) %{_sysconfdir}/rwtab.d/sssd +%dir %{_datadir}/sssd +%{_sysconfdir}/pam.d/sssd-shadowutils +%dir %{_libdir}/%{name}/conf +%{_libdir}/%{name}/conf/sssd.conf + +%{_datadir}/sssd/cfg_rules.ini +%{_datadir}/sssd/sssd.api.conf +%{_datadir}/sssd/sssd.api.d +%{_mandir}/man1/sss_ssh_authorizedkeys.1* +%{_mandir}/man1/sss_ssh_knownhostsproxy.1* +%{_mandir}/man5/sssd.conf.5* +%{_mandir}/man5/sssd-files.5* +%{_mandir}/man5/sssd-simple.5* +%{_mandir}/man5/sssd-sudo.5* +%{_mandir}/man5/sssd-session-recording.5* +%{_mandir}/man8/sssd.8* +%{_mandir}/man8/sss_cache.8* +%dir %{_datadir}/sssd/systemtap +%{_datadir}/sssd/systemtap/id_perf.stp +%{_datadir}/sssd/systemtap/nested_group_perf.stp +%{_datadir}/sssd/systemtap/dp_request.stp +%{_datadir}/sssd/systemtap/ldap_perf.stp +%dir %{_datadir}/systemtap +%dir %{_datadir}/systemtap/tapset +%{_datadir}/systemtap/tapset/sssd.stp +%{_datadir}/systemtap/tapset/sssd_functions.stp +%{_mandir}/man5/sssd-systemtap.5* + +%if (0%{?install_pcscd_polkit_rule} == 1) +%files polkit-rules +%{_datadir}/polkit-1/rules.d/* +%endif + +%files ldap -f sssd_ldap.lang +%defattr(-,root,root,-) +%license COPYING +%{_libdir}/%{name}/libsss_ldap.so +%{_mandir}/man5/sssd-ldap.5* +%{_mandir}/man5/sssd-ldap-attributes.5* + +%files krb5-common +%defattr(-,root,root,-) +%license COPYING +%attr(755,sssd,sssd) %dir %{pubconfpath}/krb5.include.d +%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child +%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child + +%files krb5 -f sssd_krb5.lang +%defattr(-,root,root,-) +%license COPYING +%{_libdir}/%{name}/libsss_krb5.so +%{_mandir}/man5/sssd-krb5.5* + +%files common-pac +%defattr(-,root,root,-) +%license COPYING +%{_libexecdir}/%{servicename}/sssd_pac + +%files ipa -f sssd_ipa.lang +%defattr(-,root,root,-) +%license COPYING +%attr(700,sssd,sssd) %dir %{keytabdir} +%{_libdir}/%{name}/libsss_ipa.so +%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child +%{_mandir}/man5/sssd-ipa.5* + +%files ad -f sssd_ad.lang +%defattr(-,root,root,-) +%license COPYING +%{_libdir}/%{name}/libsss_ad.so +%{_libexecdir}/%{servicename}/gpo_child +%{_mandir}/man5/sssd-ad.5* + +%files proxy +%defattr(-,root,root,-) +%license COPYING +%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/proxy_child +%{_libdir}/%{name}/libsss_proxy.so + +%files dbus -f sssd_dbus.lang +%defattr(-,root,root,-) +%license COPYING +%{_libexecdir}/%{servicename}/sssd_ifp +%{_mandir}/man5/sssd-ifp.5* +%{_unitdir}/sssd-ifp.service +# InfoPipe DBus plumbing +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service + +%files -n libsss_simpleifp +%defattr(-,root,root,-) +%{_libdir}/libsss_simpleifp.so.* + +%files -n libsss_simpleifp-devel +%defattr(-,root,root,-) +%doc sss_simpleifp_doc/html +%{_includedir}/sss_sifp.h +%{_includedir}/sss_sifp_dbus.h +%{_libdir}/libsss_simpleifp.so +%{_libdir}/pkgconfig/sss_simpleifp.pc + +%files client -f sssd_client.lang +%defattr(-,root,root,-) +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libnss_sss.so.2 +%{_libdir}/security/pam_sss.so +%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so +%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so +%dir %{_libdir}/cifs-utils +%{_libdir}/cifs-utils/cifs_idmap_sss.so +%dir %{_sysconfdir}/cifs-utils +%ghost %{_sysconfdir}/cifs-utils/idmap-plugin +%dir %{_libdir}/%{name} +%dir %{_libdir}/%{name}/modules +%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so +%{_mandir}/man8/pam_sss.8* +%{_mandir}/man8/sssd_krb5_locator_plugin.8* + +%files -n libsss_sudo +%defattr(-,root,root,-) +%license src/sss_client/COPYING +%{_libdir}/libsss_sudo.so* + +%files -n libsss_autofs +%defattr(-,root,root,-) +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%dir %{_libdir}/%{name}/modules +%{_libdir}/%{name}/modules/libsss_autofs.so + +%files tools -f sssd_tools.lang +%defattr(-,root,root,-) +%license COPYING +%{_sbindir}/sss_obfuscate +%{_sbindir}/sss_override +%{_sbindir}/sss_debuglevel +%{_sbindir}/sss_seed +%{_sbindir}/sssctl +%{_mandir}/man8/sss_obfuscate.8* +%{_mandir}/man8/sss_override.8* +%{_mandir}/man8/sss_debuglevel.8* +%{_mandir}/man8/sss_seed.8* +%{_mandir}/man8/sssctl.8* + +%files -n python3-sssdconfig -f python3_sssdconfig.lang +%defattr(-,root,root,-) +%dir %{python3_sitelib}/SSSDConfig +%{python3_sitelib}/SSSDConfig/*.py* +%dir %{python3_sitelib}/SSSDConfig/__pycache__ +%{python3_sitelib}/SSSDConfig/__pycache__/*.py* + +%files -n python3-sss +%defattr(-,root,root,-) +%{python3_sitearch}/pysss.so + +%files -n python3-sss-murmur +%defattr(-,root,root,-) +%{python3_sitearch}/pysss_murmur.so + +%files -n libsss_idmap +%defattr(-,root,root,-) +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_idmap.so.* + +%files -n libsss_idmap-devel +%defattr(-,root,root,-) +%doc idmap_doc/html +%{_includedir}/sss_idmap.h +%{_libdir}/libsss_idmap.so +%{_libdir}/pkgconfig/sss_idmap.pc + +%files -n libipa_hbac +%defattr(-,root,root,-) +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libipa_hbac.so.* + +%files -n libipa_hbac-devel +%defattr(-,root,root,-) +%doc hbac_doc/html +%{_includedir}/ipa_hbac.h +%{_libdir}/libipa_hbac.so +%{_libdir}/pkgconfig/ipa_hbac.pc + +%files -n libsss_nss_idmap +%defattr(-,root,root,-) +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_nss_idmap.so.* + +%files -n libsss_nss_idmap-devel +%defattr(-,root,root,-) +%doc nss_idmap_doc/html +%{_includedir}/sss_nss_idmap.h +%{_libdir}/libsss_nss_idmap.so +%{_libdir}/pkgconfig/sss_nss_idmap.pc + +%files -n python3-libsss_nss_idmap +%defattr(-,root,root,-) +%{python3_sitearch}/pysss_nss_idmap.so + +%files -n python3-libipa_hbac +%defattr(-,root,root,-) +%{python3_sitearch}/pyhbac.so + +%files libwbclient +%defattr(-,root,root,-) +%dir %{_libdir}/%{name} +%dir %{_libdir}/%{name}/modules +%{_libdir}/%{name}/modules/libwbclient.so.* + +%files libwbclient-devel +%defattr(-,root,root,-) +%{_includedir}/wbclient_sssd.h +%{_libdir}/%{name}/modules/libwbclient.so +%{_libdir}/pkgconfig/wbclient_sssd.pc + +%files winbind-idmap -f sssd_winbind_idmap.lang +%dir %{_libdir}/samba/idmap +%{_libdir}/samba/idmap/sss.so +%{_mandir}/man8/idmap_sss.8* + +%files nfs-idmap -f sssd_nfs_idmap.lang +%{_mandir}/man5/sss_rpcidmapd.5* +%{_libdir}/libnfsidmap/sss.so + +%files -n libsss_certmap -f libsss_certmap.lang +%defattr(-,root,root,-) +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_certmap.so.* +%{_mandir}/man5/sss-certmap.5* + +%files -n libsss_certmap-devel +%defattr(-,root,root,-) +%doc certmap_doc/html +%{_includedir}/sss_certmap.h +%{_libdir}/libsss_certmap.so +%{_libdir}/pkgconfig/sss_certmap.pc + +%files kcm -f sssd_kcm.lang +%{_libexecdir}/%{servicename}/sssd_kcm +%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache +%dir %{_datadir}/sssd-kcm +%{_datadir}/sssd-kcm/kcm_default_ccache +%{_unitdir}/sssd-kcm.socket +%{_unitdir}/sssd-kcm.service +%{_mandir}/man8/sssd-kcm.8* +%{_libdir}/%{name}/libsss_secrets.so + +%pre ipa +getent group sssd >/dev/null || groupadd -r sssd +getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd + +%pre krb5-common +getent group sssd >/dev/null || groupadd -r sssd +getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd + +%pre common +getent group sssd >/dev/null || groupadd -r sssd +getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd + +%pre proxy +getent group sssd >/dev/null || groupadd -r sssd +getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd + +%post common +%systemd_post sssd.service +%systemd_post sssd-autofs.socket +%systemd_post sssd-nss.socket +%systemd_post sssd-pac.socket +%systemd_post sssd-pam.socket +%systemd_post sssd-pam-priv.socket +%systemd_post sssd-ssh.socket +%systemd_post sssd-sudo.socket + +%preun common +%systemd_preun sssd.service +%systemd_preun sssd-autofs.socket +%systemd_preun sssd-nss.socket +%systemd_preun sssd-pac.socket +%systemd_preun sssd-pam.socket +%systemd_preun sssd-pam-priv.socket +%systemd_preun sssd-ssh.socket +%systemd_preun sssd-sudo.socket + +%postun common +%systemd_postun_with_restart sssd-autofs.socket +%systemd_postun_with_restart sssd-autofs.service +%systemd_postun_with_restart sssd-nss.socket +%systemd_postun_with_restart sssd-nss.service +%systemd_postun_with_restart sssd-pac.socket +%systemd_postun_with_restart sssd-pac.service +%systemd_postun_with_restart sssd-pam.socket +%systemd_postun_with_restart sssd-pam-priv.socket +%systemd_postun_with_restart sssd-pam.service +%systemd_postun_with_restart sssd-ssh.socket +%systemd_postun_with_restart sssd-ssh.service +%systemd_postun_with_restart sssd-sudo.socket +%systemd_postun_with_restart sssd-sudo.service + +%post dbus +%systemd_post sssd-ifp.service + +%preun dbus +%systemd_preun sssd-ifp.service + +%postun dbus +%systemd_postun_with_restart sssd-ifp.service + +%post kcm +%systemd_post sssd-kcm.socket + +%preun kcm +%systemd_preun sssd-kcm.socket + +%postun kcm +%systemd_postun_with_restart sssd-kcm.socket +%systemd_postun_with_restart sssd-kcm.service + +%post client +/sbin/ldconfig +/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20 + +%preun client +if [ $1 -eq 0 ] ; then + /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so +fi + +%postun client -p /sbin/ldconfig + +%post -n libsss_sudo -p /sbin/ldconfig + +%postun -n libsss_sudo -p /sbin/ldconfig + +%post -n libipa_hbac -p /sbin/ldconfig + +%postun -n libipa_hbac -p /sbin/ldconfig + +%post -n libsss_idmap -p /sbin/ldconfig + +%postun -n libsss_idmap -p /sbin/ldconfig + +%post -n libsss_nss_idmap -p /sbin/ldconfig + +%postun -n libsss_nss_idmap -p /sbin/ldconfig + +%post -n libsss_simpleifp -p /sbin/ldconfig + +%postun -n libsss_simpleifp -p /sbin/ldconfig + +%post -n libsss_certmap -p /sbin/ldconfig + +%postun -n libsss_certmap -p /sbin/ldconfig + +%posttrans common +%systemd_postun_with_restart sssd.service + +%posttrans libwbclient +%{_sbindir}/update-alternatives \ + --install %{_libdir}/libwbclient.so.%{libwbc_alternatives_version} \ + libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \ + %{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} 5 +/sbin/ldconfig + +%preun libwbclient +%{_sbindir}/update-alternatives \ + --remove libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \ + %{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} +/sbin/ldconfig + +%posttrans libwbclient-devel +%{_sbindir}/update-alternatives --install %{_libdir}/libwbclient.so \ + libwbclient.so%{libwbc_alternatives_suffix} \ + %{_libdir}/%{name}/modules/libwbclient.so 5 + +%preun libwbclient-devel +%{_sbindir}/update-alternatives --remove \ + libwbclient.so%{libwbc_alternatives_suffix} \ + %{_libdir}/%{name}/modules/libwbclient.so + +%changelog +* Mon Mar 16 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-19 +- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard + certificate EKU and perform an action based + on value when generating SSH key from a certificate + (additional patch) + +* Fri Mar 13 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-19 +- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user + information + +* Fri Feb 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-18 +- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard + certificate EKU and perform an action based + on value when generating SSH key from a certificate + +* Mon Feb 24 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-17 +- Resolves: rhbz#1718193 - p11_child should have an option to skip + C_WaitForSlotEvent if the PKCS#11 module + does not implement it properly + +* Mon Feb 17 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-16 +- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is + omitted and auth_provider is krb5 + +* Wed Feb 12 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-15 +- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization + +* Tue Jan 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-14 +- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be + specified up to the seconds + +* Tue Jan 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-13 +- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools + +* Tue Jan 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-12 +* Resolves: rhbz#1794016 - sssd_be frequent crash + +* Tue Jan 14 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11 +* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider + +* Tue Jan 14 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-10 +* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap + connection timeout + +* Tue Jan 14 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-9 +* Resolves: rhbz#1783190 - [abrt] [faf] sssd: + raise(): /usr/libexec/sssd/sssd_autofs killed by 6 + + +* Thu Dec 19 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-8 +* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect + +* Thu Dec 19 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-7 +* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect + +* Sun Dec 15 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-6 +* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized + +* Sun Dec 15 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-5 +* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character + for match rules sss-certmap + +* Thu Dec 12 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-4 +* Resolves: rhbz#1781728 - sssctl config-check command does not give proper + error messages with line numbers + +* Mon Dec 2 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-3 +* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release + Increasing version number to pick latest libldb + +* Sat Nov 30 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-2 +* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release + PART2: Fix gating issue. + +* Sat Nov 30 2019 Michal Židek <mzidek@redhat.com> - 2.2.3-1 +* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release + +* Thu Nov 21 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1 +* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release + +* Wed Sep 4 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-19 +- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid + new ones (kcm) + +* Sun Sep 1 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-18 +- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 +- Also sync. kcm multihost tests with master + +* Sun Sep 1 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-17 +- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome + keyring +- Also apply a patch to fix gating tests issue + +* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-16 +- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get + the IP address of the machine updated in IPA upon + sssd.service startup + +* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-15 +- Resolves: rhbz#1736265 - Smart Card auth of local user: endless + loop if wrong PIN was provided + +* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-14 +- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" + should not cause files domain entries to be + qualified, this can break sudo access + +* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-13 +- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the + systemd-user service in the account phase in RHEL-8 + +* Sun Aug 18 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-12 +- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets + +* Fri Aug 9 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-11 +- Resolves: rhbz#1733372 - permission denied on logs when running sssd as + non-root user + +* Fri Aug 9 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-10 +- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing + the trailing colon + +* Fri Aug 9 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-9 +- Resolves: rhbz#1382750 - Conflicting default timeout values + +* Fri Aug 2 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-8 +- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder + repository + - This just required a raise in release number + and changelog for the record. + +* Fri Aug 2 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-7 +- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is + not FIPS140 compliant + +* Fri Aug 2 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-6 +- Resolves: rhbz#1726945 - negative cache does not use values from + 'filter_users' config option for known domains + +* Thu Jul 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-5 +- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo + +* Thu Jul 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-4 +- Resolves: rhbz#1283798 - sssd failover does not work on connecting to + non-responsive ldaps:// server + +* Wed Jul 3 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-3 +- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with + no members + +* Wed Jul 3 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-2 +- Resolves: rhbz#1673443 - sssd man pages: The default value of + "ldap_user_home_directory" is not mentioned + with AD server configuration + +* Fri Jun 14 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-1 +- Resolves: rhbz#1687281 + Rebase sssd in RHEL-8.1 to the latest upstream release + +* Wed Jun 12 2019 Michal Židek <mzidek@redhat.com> - 2.1.0-1 +- Resolves: rhbz#1687281 + Rebase sssd in RHEL-8.1 to the latest upstream release + +* Thu May 30 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-45 +- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is + done here in order to unblock gating changes before rebase. +- Related: rhbz#1682305 + +* Sun Feb 10 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-43 +- Resolves: rhbz#1672780 - gdm login not prompting for username when smart + card maps to multiple users + +* Fri Feb 08 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-42 +- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part + of gen_new to avoid a subsequent switch call + failure + +* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-41 +-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong + subdomain service name being used + +* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-40 +-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. + UnknownProperty: Unknown property + +* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-39 +- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than + 1.x, this can result in time outs + +* Mon Jan 14 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-38 +- Resolves: rhbz#1578014 - sssd does not work under non-root user +- Note: Actually the patches were in the 2.0.0-37, this one just adds this + changelog because it was missing. + +* Fri Jan 11 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-36 +- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss + suggests using * for backend sss + +* Fri Jan 11 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-35 +- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist + +* Thu Jan 10 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-34 +- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls + kdestroy caused by KCM returning a wrong error + code during the delete operation + +* Wed Jan 09 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-33 +- Resolves: rhbz#1646113 - Missing concise documentation about valid options + for sssd-files-provider + +* Mon Dec 17 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-32 +- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc + and libtevent to avoid an issue in GPO processing + +* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-31 +- Resolves: 1658813 - PKINIT with KCM does not work + +* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-30 +- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to + retrieve AD users through IPA Trust + +* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-29 +- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): + /usr/libexec/sssd/proxy_child killed by 6 + +* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-28 +- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories + +* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-27 +- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work + if ID provider is authenticated with GSSAPI + +* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-26 +- Resolves: rhbz#1657980 - sssd_nss memory leak + +* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-25 +- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly + for D-bus, resulting in a crash + +* Tue Dec 04 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-24 +- Resolves: rhbz#1646168 - sssctl access-report always prints an error message +- Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the + configuration without having to restart the whole + sssd +- Resolves: rhbz#1640576 - sssctl reports incorrect information about local + user's cache entry expiration time +- Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user +- Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys + +* Thu Oct 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-23 +- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui + with smart card + +* Wed Oct 24 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-22 +- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA + +* Tue Oct 16 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-21 +- Related: rhbz#1638150 - session not recording for local user when groups defined +- Also add silence a Coverity warning, which is related to rhbz#1637131 + +* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-20 +- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules + +* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-19 +- Add OSCP checks for p11_child +- Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local + users + +* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-18 +- Related: rhbz#1638006 - Files: The files provider always enumerates + which causes duplicate when running getent passwd + +* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-17 +- Related: rhbz#1637131 - pam_unix unable to match fully qualified username + provided by sssd during smartcard auth using gdm + +* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-16 +- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a + PKCS#11 URI + +* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-15 +- Related: rhbz#1611011 - Support for "require smartcard for login option" + +* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-14 +- Related: rhbz#1635595 - Cant login with smartcard with multiple certs + +* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-13 +- Backport more sbus2 fixes +- Related: rhbz#1623878 - crash related to sbus_router_destructor() + +* Wed Oct 10 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-12 +- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD + +* Wed Oct 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-11 +- Resolves: rhbz#1628122 - Printing incorrect information about domain + with sssctl utility + +* Wed Oct 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-10 +- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not + started due to a misconfiguration + +* Wed Oct 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-9 +- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del + commands in man pages since local provider + is deprecated + +* Wed Oct 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-8 +- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): + /usr/libexec/sssd/sssd_be killed by 11 crash + func _dbus_list_unlink + +* Wed Oct 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-7 +- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it + differs from the default + +* Wed Sep 26 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-6 +- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup + +* Tue Sep 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-5 +- Resolves: rhbz#1615590 - Do not rely on "python" for el8 + +* Tue Sep 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-4 +- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local + users + +* Tue Sep 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-3 +- Resolves: rhbz#1623878 - crash related to sbus_router_destructor() + +* Thu Aug 30 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-2 +- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication + fails with the KCM ccache + +* Mon Aug 13 2018 Fabiano Fidêncio <fidencio@redhat.com> - 2.0.0-1 +- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version + +* Tue Jul 03 2018 Tomas Orsava <torsava@redhat.com> - 1.16.2-2 +- Switch hardcoded python3 shebangs into the %%{__python3} macro + +* Thu Jun 14 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.2-1 +- Update to 1.16.2 release +- Cleanup unused global definitions +- Remove python2 references from the spec file +- Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x + +* Fri Apr 27 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-3 +- Resolves: upstream#3684 - A group is not updated if its member is removed + with the cleanup task, but the group does not + change +- Resolves: upstream#3558 - sudo: report error when two rules share cn +- Tone down shutdown messages for socket activated responders +- IPA: Qualify the externalUser sudo attribute +- Resolves: upstream#3550 - refresh_expired_interval does not work with + netgrous in 1.15 +- Resolves: upstream#3402 - Support alternative sources for the files provider +- Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option +- Resolves: upstream#3679 - Make nss netgroup requests more robust +- Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not + configured +- Resolves: upstream#3469 - extend sss-certmap man page regarding priority + processing +- Improve docs/debug message about GC detection +- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes + list out of bound? +- Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is + set. +- Document which principal does the AD provider use +- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is + defined, but contains no SIDs +- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM +- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data + Provider returned an error + [org.freedesktop.sssd.Error.DataProvider.Fatal] + +* Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2 +- Resolves: upstream#3573 - sssd won't show netgroups with blank domain +- Resolves: upstream#3660 - confdb_expand_app_domains() always fails +- Resolves: upstream#3658 - Application domain is not interpreted correctly +- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to + json_loads() +- Resolves: upstream#3386 - KCM: Payload buffer is too small +- Resolves: upstream#3666 - Fix usage of str.decode() in our tests +- A few KCM misc fixes + +* Fri Mar 9 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-1 +- New upstream release 1.16.1 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html + +* Tue Feb 20 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-13 +- Resolves: upstream#3621 - backport bug found by static analyzers + +* Wed Feb 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.0-12 +- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile + with no specific host/hostgroup set +- Resolves: upstream#3621 - FleetCommander integration must not require + capability DAC_OVERRIDE + +* Wed Feb 07 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-11 +- Resolves: upstream#3618 - selinux_child segfaults in a docker container + +* Tue Feb 06 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-10 +- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl + +* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.16.0-9 +- Fix systemd executions/requirements + +* Thu Jan 25 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-8 +- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS + +* Thu Jan 11 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-7 +- Fix building of sssd-nfs-idmap with libnfsidmap.so.1 + +* Thu Jan 11 2018 Björn Esser <besser82@fedoraproject.org> - 1.16.0-6 +- Rebuilt for libnfsidmap.so.1 + +* Mon Dec 04 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-5 +- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in + setnetgrent_result_timeout +- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted + or machine swaps +- Resolves: failure in glibc tests + https://sourceware.org/bugzilla/show_bug.cgi?id=22530 +- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and + auth_provider ldap, login fails if the LDAP server + is not allowing anonymous binds +- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is + corrected with AD +- Resolves: upstream#3586 - Give a more detailed debug and system-log message + if krb5_init_context() failed +- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet + in /etc/systemd/system +- Backport few upstream features from 1.16.1 + +* Tue Nov 21 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-4 +- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next + +* Fri Nov 17 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-3 +- Backport extended NSS API from upstream master branch + +* Fri Nov 03 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-2 +- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade + +* Fri Oct 20 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-1 +- New upstream release 1.16.0 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html + +* Wed Oct 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-5 +- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when + searching in local cache database access on + the sock_file system_bus_socket + +* Mon Sep 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-4 +- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write + access on the sock_file system_bus_socket +- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and + fails to download desktop profile data +- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 +- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients + after applying ID Views for them in IPA server +- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id + mapping is applied + +* Fri Sep 01 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-3 +- Backport few upstream patches/fixes + +* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 25 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-1 +- New upstream release 1.15.3 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html + +* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.5 +- Rebuild with libldb-1.2.0 + +* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.4 +- Fix build issues: Update expided certificate in unit tests + +* Sat Apr 29 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.3 +- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication +- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with + file from package sssd-common-1.15.1-1.fc25.x86_64 +- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4 + +* Thu Apr 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.2 +- Fix issue with IPA + SELinux in containers +- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297 + +* Tue Apr 04 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.1 +- Backport upstream patches for 1.15.3 pre-release +- required for building freeipa-4.5.x in rawhide + +* Thu Mar 16 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.2-1 +- New upstream release 1.15.2 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html + +* Mon Mar 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.1-1 +- New upstream release 1.15.1 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html + +* Wed Feb 22 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.0-4 +- Cherry-pick patches from upstream that enable the files provider +- Enable the files domain +- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch + which is superseded by the files domain autoconfiguration +- Related: rhbz#1357418 - SSSD fast cache for local users + +* Tue Feb 14 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-3 +- Add missing %%license macro + +* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-1 +- New upstream release 1.15.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0 + +* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.14.2-3 +- Rebuild for Python 3.6 + +* Tue Dec 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-2 +- Resolves: rhbz#1369130 - nss_sss should not link against libpthread +- Resolves: rhbz#1392916 - sssd failes to start after update +- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses + on the directory /etc/sssd + +* Thu Oct 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-1 +- New upstream release 1.14.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2 + +* Fri Oct 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-4 +- libwbclient-sssd: update interface to version 0.13 + +* Thu Sep 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-3 +- Fix regression with krb5_map_user +- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore +- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: + default if nonexistent domain is mentioned + +* Thu Sep 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-2 +- Backport important patches from upstream 1.14.2 prerelease +- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after + boot +- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14 + +* Fri Aug 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-1 +- New upstream release 1.14.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1 + +* Mon Aug 15 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.14.0-5 +- Add workaround patch for RHBZ #1366403 + +* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.14.0-4 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Fri Jul 08 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-3 +- New upstream release 1.14.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0 + +* Fri Jul 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-2.beta +- New upstream release 1.14 beta +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta + +* Tue Jun 21 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-1.alpha +- New upstream release 1.14 alpha +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha + +* Fri May 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-3 +- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): + sssd_ifp killed by SIGSEGV + +* Fri Apr 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-2 +- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6 + +* Thu Apr 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-1 +- New upstream release 1.13.4 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4 + +* Tue Mar 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-6 +- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password + prompts (e.g. Password + Token) +- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed + by remote host" if locale not available + +* Thu Feb 25 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-5 +- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA + groups during getgrnam and getgrgid +- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses + in call to 'print' + +* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-3 +- Additional upstream fixes + +* Tue Jan 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-2 +- Resolves: rhbz#1256849 - SUDO: Support the IPA schema + +* Wed Dec 16 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-1 +- New upstream release 1.13.3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3 + +* Fri Nov 20 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.2-1 +- New upstream release 1.13.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2 + +* Fri Nov 06 2015 Robert Kuska <rkuska@redhat.com> - 1.13.1-5 +- Rebuilt for Python3.5 rebuild + +* Tue Oct 27 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-4 +- Fix building pac responder with the krb5-1.14 + +* Mon Oct 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-3 +- python-sssdconfig: Fix parssing sssd.conf without config_file_version +- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed + +* Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2 +- Fix few segfaults +- Resolves: upstream #2811 - PAM responder crashed if user was not set +- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step + +* Thu Oct 01 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-1 +- New upstream release 1.13.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1 + +* Thu Sep 10 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-6 +- Fix OTP bug +- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were + entered separately + +* Mon Sep 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-5 +- Backport upstream patches required by FreeIPA 4.2.1 + +* Tue Jul 21 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-4 +- Fix ipa-migration bug +- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled + migration mode + +* Wed Jul 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-3 +- New upstream release 1.13.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0 + +* Tue Jun 30 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-2.alpha +- Unify return type of list_active_domains for python{2,3} + +* Mon Jun 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-1.alpha +- New upstream release 1.13 alpha +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha + +* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-3 +- Fix libwbclient alternatives + +* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-2 +- Backport important patches from upstream 1.13 prerelease + +* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-1 +- New upstream release 1.12.5 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5 + +* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-8 +- Backport important patches from upstream 1.13 prerelease +- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable + attribute for group name +- Resolves: upstream #2335 - Investigate using the krb5 responder + for driving the PAM conversation with OTPs +- Enable cmocka tests for secondary architectures + +* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-7 +- Backport patches from upstream 1.12.5 prerelease - contains many fixes + +* Wed Apr 15 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-6 +- Fix slow login with ipa and SELinux +- Resolves: upstream #2624 - Only set the selinux context if the context + differs from the local one + +* Mon Mar 23 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-5 +- Fix regressions with ipa and SELinux +- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security + context on client is staff_u + +* Fri Mar 6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-4 +- Also relax libldb Requires +- Remove --enable-ldb-version-check + +* Fri Mar 6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-3 +- Relax libldb BuildRequires to be greater-or-equal + +* Wed Feb 25 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-2 +- Add support for python3 bindings +- Add requirement to python3 or python3 bindings +- Resolves: rhbz#1014594 - sssd: Support Python 3 + +* Wed Feb 18 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-1 +- New upstream release 1.12.4 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4 + +* Sat Feb 14 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-7 +- Backport patches with Python3 support from upstream + +* Thu Feb 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-6 +- Fix double free in monitor +- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): + sssd killed by SIGABRT + +* Wed Jan 28 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.3-5 +- Rebuild for new libldb + +* Thu Jan 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-4 +- Decrease priority of sssd-libwbclient 20 -> 5 +- It should be lower than priority of samba veriosn of libwbclient. +- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18 + +* Mon Jan 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-3 +- Apply a number of patches from upstream to fix issues found 1.12.3 +- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple + interfaces, or isn't documented to be able to +- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is + not running +- Resolves: upstream #2557 authentication failure with user from AD + +* Fri Jan 09 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-2 +- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus +- Resolves: rhbz#1179379 - gzip: stdin: file size changed while + zipping when rotating logfile + +* Thu Jan 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-1 +- New upstream release 1.12.3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 +- Fix spelling errors in description (fedpkg lint) + +* Tue Jan 6 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-8 +- Rebuild for libldb 1.1.19 + +* Fri Dec 19 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-7 +- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes + crash in wbinfo + - in addition to the patch libwbclient.so is + filtered out of the Provides list of the package + +* Wed Dec 17 2014 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-6 +- Fix regressions and bugs in sssd upstream 1.12.2 +- https://fedorahosted.org/sssd/ticket/{id} +- Regressions: #2471, #2475, #2483, #2487, #2529, #2535 +- Bugs: #2287, #2445 + +* Sun Dec 7 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-5 +- Rebuild for libldb 1.1.18 + +* Wed Nov 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-4 +- Fix typo in libwbclient-devel %%preun + +* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-3 +- Use alternatives for libwbclient + +* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-2 +- Backport several patches from upstream. +- Fix a potential crash against old (pre-4.0) IPA servers + +* Mon Oct 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-1 +- New upstream release 1.12.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2 + +* Mon Sep 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-2 +- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user + private group from server + +* Mon Sep 8 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-1 +- New upstream release 1.12.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1 + +* Fri Aug 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-7 +- Do not crash on resolving a group SID in IPA server mode + +* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Jul 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.12.0-5 +- Fix release version for upgrades + +* Wed Jul 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1 +- New upstream release 1.12.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0 + +* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-4.beta2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Jun 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta2 +- New upstream release 1.12 beta2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2 + +* Mon Jun 02 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-2.beta1 +- Fix tests on big-endian +- Fix previous changelog entry + +* Fri May 30 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta1 +- New upstream release 1.12 beta1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1 + +* Thu May 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-4 +- Rebuild against new ding-libs + +* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-3 +- Make LDB dependency a strict equivalency + +* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-2 +- Rebuild against new libldb + +* Fri Apr 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-1 +- New upstream release 1.11.5.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1 + +* Thu Apr 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.11.5-2 +- Fix bug in generation of systemd unit file + +* Tue Apr 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5-1 +- New upstream release 1.11.5 +- Remove upstreamed patch +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5 + +* Thu Mar 13 2014 Sumit Bose <sbose@redhat.com> - 1.11.4-3 +- Handle new error code for IPA password migration + +* Tue Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2 +- Include couple of patches from upstream 1.11 branch + +* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1 +- New upstream release 1.11.4 +- Remove upstreamed patch +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4 + +* Tue Feb 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-2 +- Handle OTP response from FreeIPA server gracefully + +* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-1 +- New upstream release 1.11.3 +- Remove upstreamed patches +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3 + +* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1 +- New upstream release 1.11.2 +- Remove upstreamed patches +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 + +* Wed Oct 16 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-5 +- Fix potential crash with external groups in trusted IPA-AD setup + +* Mon Oct 14 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-4 +- Add plugin for cifs-utils +- Resolves: rhbz#998544 + +* Tue Oct 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-3 +- Fix failover from Global Catalog to LDAP in case GC is not available + +* Fri Oct 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2 +- Remove the ability to create public ccachedir (#1015089) + +* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1 +- New upstream release 1.11.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 + +* Thu Sep 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-3 +- Fix multicast checks in the SSSD +- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source + code getting the host info + +* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-2 +- Backport simplification of ccache management from 1.11.1 +- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login + +* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1 +- New upstream release 1.11.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 + +* Fri Aug 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-0.4.beta2 +- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: + Process /usr/libexec/sssd/sssd_nss was killed by + signal 11 (SIGSEGV) +- Resolves: #996214 - sssd proxy_child segfault + +* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11.0-0.3.beta2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.2beta2 +- Resolves: #906427 - Do not use %%{_lib} in specfile for the nss and + pam libraries + +* Wed Jul 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.1beta2 +- New upstream release 1.11 beta 2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 + +* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1 +- New upstream release 1.10.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1 + +* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17 +- sssd-tools should require sssd-common, not sssd + +* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16 +- Move sssd_pac to the sssd-ipa and sssd-ad subpackages +- Trim out RHEL5-specific macros since we don't build on RHEL 5 +- Trim out macros for Fedora older than F18 +- Update libldb requirement to 1.1.16 +- Trim RPM changelog down to the last year + +* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15 +- Move sssd_pac to the sssd-krb5 subpackage + +* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14 +- Fix Obsoletes: to account for dist tag +- Convert post and pre scripts to run on the sssd-common subpackage +- Remove old conversion from SYSV + +* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13 +- New upstream release 1.10 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0 + +* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2 +- the cmocka toolkit exists only on selected arches + +* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2 +- Apply a number of patches from upstream to fix issues found post-beta, + in particular: + -- segfault with a high DEBUG level + -- Fix IPA password migration (upstream #1873) + -- Fix fail over when retrying SRV resolution (upstream #1886) + +* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2 +- Only BuildRequire libcmocka on Fedora + +* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2 +- Fix typo in Requires that prevented an upgrade (#973916) +- Use a hardcoded version in Conflicts, not less-than-current + +* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta1 +- Enable hardened build for RHEL7 + +* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2 +- New upstream release 1.10 beta2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 +- BuildRequire libcmocka-devel in order to run all upstream tests during build +- BuildRequire libnl3 instead of libnl1 +- No longer BuildRequire initscripts, we no longer use /sbin/service +- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any + older krb5-libs version + +* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1 +- Apply a couple of patches from upstream git that resolve crashes when + ID mapping object was not initialized properly but needed later + +* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1 +- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during + realm join +- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by + default for AD Provider +- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file + parent directory when logging in + +* Tue May 7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1 +- BuildRequire recent libini_config to ensure consistent behaviour + +* Tue May 7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1 +- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug + in ding-libs +- Fix SSH integration with fully-qualified domains +- Add the ability to dynamically discover the NetBIOS name + +* Fri May 3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1 +- New upstream release 1.10 beta1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1 + +* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1 +- Add a patch to fix krb5 ccache creation issue with krb5 1.11 + +* Tue Apr 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1 +- New upstream release 1.10 alpha1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1 + +* Fri Mar 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.5-10 +- Add a patch to fix krb5 unit tests + +* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9 +- Split internal helper libraries into a shared object +- Significantly reduce disk-space usage + +* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-8 +- Fix the Kerberos password expiration warning (#912223) + +* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-7 +- Do not write out dots in the domain-realm mapping file (#905650) + +* Mon Feb 11 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-6 +- Include upstream patch to build with krb5-1.11 + +* Thu Feb 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-5 +- Rebuild against new libldb + +* Mon Feb 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-4 +- Fix build with new automake versions + +* Wed Jan 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-3 +- Recreate Kerberos ccache directory if it's missing +- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache + directory /run/user/UID/ccdir does not exist + +* Tue Jan 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-2 +- Fix changelog dates to make F19 rpmbuild happy + +* Mon Jan 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-1 +- New upstream release 1.9.4 + +* Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.3-1 +- New upstream release 1.9.3 + +* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-5 +- Resolve groups from AD correctly + +* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-4 +- Check the validity of naming context + +* Thu Oct 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-3 +- Move the sss_cache tool to the main package + +* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-2 +- Include the 1.9.2 tarball + +* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-1 +- New upstream release 1.9.2 + +* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.1-1 +- New upstream release 1.9.1 + +* Wed Oct 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24 +- require the latest libldb + +* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24 +- Use mcpath insted of mcachepath macro to be consistent with + upsteam spec file + +* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-23 +- New upstream release 1.9.0 + +* Fri Sep 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-22.rc1 +- New upstream release 1.9.0 rc1 + +* Thu Sep 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-21.beta7 +- New upstream release 1.9.0 beta7 +- obsoletes patches #1-#3 + +* Mon Sep 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-20.beta6 +- Rebuild against libldb 1.12 + +* Tue Aug 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-19.beta6 +- Rebuild against libldb 1.11 + +* Fri Aug 24 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-18.beta6 +- Change the default ccache location to DIR:/run/user/${UID}/krb5cc + and patch man page accordingly +- Resolves: rhbz#851304 + +* Mon Aug 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-17.beta6 +- Rebuild against libldb 1.10 + +* Fri Aug 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-16.beta6 +- Only create the SELinux login file if there are SELinux mappings on + the IPA server + +* Fri Aug 10 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-14.beta6 +- Don't discard HBAC rule processing result if SELinux is on + Resolves: rhbz#846792 (CVE-2012-3462) + +* Thu Aug 02 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-13.beta6 +- New upstream release 1.9.0 beta 6 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 +- A new option, override_shell was added. If this option is set, all users + managed by SSSD will have their shell set to its value. +- Fixes for the support for setting default SELinux user context from FreeIPA. +- Fixed a regression introduced in beta 5 that broke LDAP SASL binds +- The SSSD supports the concept of a Primary Server and a Back Up Server in + failover +- A new command-line tool sss_seed is available to help prime the cache with + a user record when deploying a new machine +- SSSD is now able to discover and save the domain-realm mappings + between an IPA server and a trusted Active Directory server. +- Packaging changes to fix ldconfig usage in subpackages (#843995) +- Rebuild against libldb 1.1.9 + +* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.0-13.beta5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jul 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-12.beta5 +- New upstream release 1.9.0 beta 5 +- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 +- Many fixes for the support for setting default SELinux user context from + FreeIPA, most notably fixed the specificity evaluation +- Fixed an incorrect default in the krb5_canonicalize option of the AD + provider which was preventing password change operation +- The shadowLastChange attribute value is now correctly updated with the + number of days since the Epoch, not seconds + +* Mon Jul 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-11.beta4 +- Fix broken ARM build +- Add missing DP_OPTION_TERMINATOR in AD provider options + +* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-10.beta4 +- Own several directories create during make install (#839782) + +* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-9.beta4 +- New upstream release 1.9.0 beta 4 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 +- Add a new AD provider to improve integration with Active Directory 2008 R2 + or later servers +- SUDO integration was completely rewritten. The new implementation works + with multiple domains and uses an improved refresh mechanism to download + only the necessary rules +- The IPA authentication provider now supports subdomains +- Fixed regression for setups that were setting default_tkt_enctypes + manually by reverting a previous workaround. + +* Mon Jun 25 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-8.beta3 +- New upstream release 1.9.0 beta 3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 +- Add a new PAC responder for dealing with cross-realm Kerberos trusts +- Terminate idle connections to the NSS and PAM responders + +* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-7.beta2 +- Switch unicode library from libunistring to Glib +- Drop unnecessary explicit Requires on keyutils +- Guarantee that versioned Requires include the correct architecture + +* Mon Jun 18 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-6.beta2 +- Fix accidental disabling of the DIR cache support + +* Fri Jun 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-5.beta2 +- New upstream release 1.9.0 beta 2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 +- Add support for the Kerberos DIR cache for storing multiple TGTs + automatically +- Major performance enhancement when storing large groups in the cache +- Major performance enhancement when performing initgroups() against Active + Directory +- SSSDConfig data file default locations can now be set during configure for + easier packaging + +* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-4.beta1 +- Fix regression in endianness patch + +* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-3.beta1 +- Rebuild SSSD against ding-libs 0.3.0beta1 +- Fix endianness bug in service map protocol + +* Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-2.beta1 +- Fix several regressions since 1.5.x +- Ensure that the RPM creates the /var/lib/sss/mc directory +- Add support for Netscape password warning expiration control +- Rebuild against libldb 1.1.6 + +* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1 +- New upstream release 1.9.0 beta 1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 +- Add native support for autofs to the IPA provider +- Support for ID-mapping when connecting to Active Directory +- Support for handling very large (> 1500 users) groups in Active Directory +- Support for sub-domains (will be used for dealing with trust relationships) +- Add a new fast in-memory cache to speed up lookups of cached data on + repeated requests + +* Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11 +- New upstream release 1.8.3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 +- Numerous manpage and translation updates +- LDAP: Handle situations where the RootDSE isn't available anonymously +- LDAP: Fix regression for users using non-standard LDAP attributes for user + information + +* Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.2-10 +- New upstream release 1.8.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 +- Several fixes to case-insensitive domain functions +- Fix for GSSAPI binds when the keytab contains unrelated principals +- Fixed several segfaults +- Workarounds added for LDAP servers with unreadable RootDSE +- SSH knownhostproxy will no longer enter an infinite loop preventing login +- The provided SYSV init script now starts SSSD earlier at startup and stops + it later during shutdown +- Assorted minor fixes for issues discovered by static analysis tools + +* Mon Mar 26 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-9 +- Don't duplicate libsss_autofs.so in two packages +- Set explicit package contents instead of globbing + +* Wed Mar 21 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-8 +- Fix uninitialized value bug causing crashes throughout the code +- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup + +* Mon Mar 12 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-7 +- New upstream release 1.8.1 +- Resolve issue where we could enter an infinite loop trying to connect to an + auth server +- Fix serious issue with complex (3+ levels) nested groups +- Fix netgroup support for case-insensitivity and aliases +- Fix serious issue with lookup bundling resulting in requests never + completing +- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt + in addition to pam_authenticate +- Fix several regressions in the proxy provider +- Resolves: rhbz#743133 - Performance regression with Kerberos authentication + against AD +- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work + +* Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-6 +- New upstream release 1.8.0 +- Support for the service map in NSS +- Support for setting default SELinux user context from FreeIPA +- Support for retrieving SSH user and host keys from LDAP (Experimental) +- Support for caching autofs LDAP requests (Experimental) +- Support for caching SUDO rules (Experimental) +- Include the IPA AutoFS provider +- Fixed several memory-corruption bugs +- Fixed a regression in group enumeration since 1.7.0 +- Fixed a regression in the proxy provider +- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD +- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is + logged at each login +- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process + /usr/sbin/sssd was killed by signal 11 (SIGSEGV) +- Resolves: rhbz#743133 - Performance regression with Kerberos authentication + against AD +- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for + new LDAP features +- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc + +* Wed Feb 22 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-5.beta3 +- Change default kerberos credential cache location to /run/user/<username> + +* Wed Feb 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-4.beta3 +- New upstream release 1.8.0 beta 3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 +- Fixed a regression in group enumeration since 1.7.0 +- Fixed several memory-corruption bugs +- Finalized the ABI for the autofs support +- Fixed a regression in the proxy provider + +* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.8.0-3.beta2 +- Rebuild against PCRE 8.30 + +* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta2 +- New upstream release +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 +- Fix two minor manpage bugs +- Include the IPA AutoFS provider + +* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta1 +- New upstream release +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 +- Support for the service map in NSS +- Support for setting default SELinux user context from FreeIPA +- Support for retrieving SSH user and host keys from LDAP (Experimental) +- Support for caching autofs LDAP requests (Experimental) +- Support for caching SUDO rules (Experimental) + +* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-5 +- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for + new LDAP features - fix netgroups and sudo as well + +* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4 +- Fixes a serious memory hierarchy bug causing unpredictable behavior in the + LDAP provider. + +* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-3 +- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for + new LDAP features + +* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Dec 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-1 +- New upstream release 1.7.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 +- Support for case-insensitive domains +- Support for multiple search bases in the LDAP provider +- Support for the native FreeIPA netgroup implementation +- Reliability improvements to the process monitor +- New DEBUG facility with more consistent log levels +- New tool to change debug log levels without restarting SSSD +- SSSD will now disconnect from LDAP server when idle +- FreeIPA HBAC rules can choose to ignore srchost options for significant + performance gains +- Assorted performance improvements in the LDAP provider + +* Mon Dec 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.4-1 +- New upstream release 1.6.4 +- Rolls up previous patches applied to the 1.6.3 tarball +- Fixes a rare issue causing crashes in the failover logic +- Fixes an issue where SSSD would return the wrong PAM error code for users + that it does not recognize. + +* Wed Dec 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-5 +- Rebuild against libldb 1.1.4 + +* Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-4 +- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the + username in getpwnam() +- Resolves: rhbz#758425 - LDAP failover not working if server refuses + connections + +* Thu Nov 24 2011 Jakub Hrozek <jhrozek@redhat.com> - 1.6.3-3 +- Rebuild for libldb 1.1.3 + +* Thu Nov 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-2 +- Resolves: rhbz#752495 - Crash when apply settings + +* Fri Nov 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-1 +- New upstream release 1.6.3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 +- Fixes a major cache performance issue introduced in 1.6.2 +- Fixes a potential infinite-loop with certain LDAP layouts + +* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-5 +- Rebuilt for glibc bug#747377 + +* Sun Oct 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-4 +- Change selinux policy requirement to Conflicts: with the old version, + rather than Requires: the supported version. + +* Fri Oct 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-3 +- Add explicit requirement on selinux-policy version to address new SBUS + symlinks. + +* Wed Oct 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-2 +- Remove %%files reference to sss_debuglevel copied from wrong upstreeam + spec file. + +* Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1 +- Improved handling of users and groups with multi-valued name attributes + (aliases) +- Performance enhancements + Initgroups on RFC2307bis/FreeIPA + HBAC rule processing +- Improved process-hang detection and restarting +- Enabled the midpoint cache refresh by default (fewer cache misses on + commonly-used entries) +- Cleaned up the example configuration +- New tool to change debug level on the fly + +* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1 +- New upstream release 1.6.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 +- Fixes a serious issue with LDAP connections when the communication is + dropped (e.g. VPN disconnection, waking from sleep) +- SSSD is now less strict when dealing with users/groups with multiple names + when a definitive primary name cannot be determined +- The LDAP provider will no longer attempt to canonicalize by default when + using SASL. An option to re-enable this has been provided. +- Fixes for non-standard LDAP attribute names (e.g. those used by Active + Directory) +- Three HBAC regressions have been fixed. +- Fix for an infinite loop in the deref code + +* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-2 +- Build with _hardened_build macro + +* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-1 +- New upstream release 1.6.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 +- Add host access control support for LDAP (similar to pam_host_attr) +- Finer-grained control on principals used with Kerberos (such as for FAST or +- validation) +- Added a new tool sss_cache to allow selective expiring of cached entries +- Added support for LDAP DEREF and ASQ controls +- Added access control features for Novell Directory Server +- FreeIPA dynamic DNS update now checks first to see if an update is needed +- Complete rewrite of the HBAC library +- New libraries: libipa_hbac and libipa_hbac-python + +* Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2 +- New upstream release 1.5.11 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 +- Fix a serious regression that prevented SSSD from working with ldaps:// URIs +- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 +- address being saved to the AAAA record + +* Fri Jul 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.10-1 +- New upstream release 1.5.10 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 +- Fixed a regression introduced in 1.5.9 that could result in blocking calls +- to LDAP + +* Thu Jun 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.9-1 +- New upstream release 1.5.9 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 +- Support for overriding home directory, shell and primary GID locally +- Properly honor TTL values from SRV record lookups +- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP +- servers) +- Properly escape IPv6 addresses in the failover code +- Do not crash if inotify fails (e.g. resource exhaustion) +- Don't add multiple TGT renewal callbacks (too many log messages) + +* Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.8-1 +- New upstream release 1.5.8 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 +- Support for the LDAP paging control +- Support for multiple DNS servers for name resolution +- Fixes for several group membership bugs +- Fixes for rare crash bugs + +* Mon May 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-3 +- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d +- Make sure to properly convert to systemd if upgrading from newer +- updates for Fedora 14 + +* Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-2 +- Fix segfault in TGT renewal + +* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1 +- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites +- cached password with predicatable filename + +* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1 +- Re-add manpage translations + +* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1 +- New upstream release 1.5.6 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 +- Fixed a serious memory leak in the memberOf plugin +- Fixed a regression with the negative cache that caused it to be essentially +- nonfunctional +- Fixed an issue where the user's full name would sometimes be removed from +- the cache +- Fixed an issue with password changes in the kerberos provider not working +- with kpasswd + +* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-5 +- Resolves: rhbz#697057 - kpasswd fails when using sssd and +- kadmin server != kdc server +- Upgrades from SysV should now maintain enabled/disabled status + +* Mon Apr 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-4 +- Fix %%postun + +* Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-3 +- Fix systemd conversion. Upgrades from SysV to systemd weren't properly +- enabling the systemd service. +- Fix a serious memory leak in the memberOf plugin +- Fix an issue where the user's full name would sometimes be removed +- from the cache + +* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-2 +- Install systemd unit file instead of sysv init script + +* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1 +- New upstream release 1.5.5 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 +- Fixes for several crash bugs +- LDAP group lookups will no longer abort if there is a zero-length member +- attribute +- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist + +* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1 +- New upstream release 1.5.4 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 +- Fixes for Active Directory when not all users and groups have POSIX attributes +- Fixes for handling users and groups that have name aliases (aliases are ignored) +- Fix group memberships after initgroups in the IPA provider + +* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2 +- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication + +* Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-1 +- New upstream release 1.5.3 +- Support for libldb >= 1.0.0 + +* Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.2-1 +- New upstream release 1.5.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 +- Fixes for support of FreeIPA v2 +- Fixes for failover if DNS entries change +- Improved sss_obfuscate tool with better interactive mode +- Fix several crash bugs +- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this +- Delete users from the local cache if initgroups calls return 'no such user' +- (previously only worked for getpwnam/getpwuid) +- Use new Transifex.net translations +- Better support for automatic TGT renewal (now survives restart) +- Netgroup fixes + +* Sun Feb 27 2011 Simo Sorce <ssorce@redhat.com> - 1.5.1-9 +- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. +- Related: rhbz#677425 + +* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8 +- Resolves: rhbz#677768 - name service caches names, so id command shows +- recently deleted users + +* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7 +- Ensure that SSSD builds against libldb-1.0.0 on F15 and later +- Remove .la for memberOf + +* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6 +- Fix memberOf install path + +* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5 +- Add support for libldb 1.0.0 + +* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3 +- Fix nested group member filter sanitization for RFC2307bis +- Put translated tool manpages into the sssd-tools subpackage + +* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2 +- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during +- rpmbuild + +* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1 +- New upstream release 1.5.1 +- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins +- Vast performance improvements when enumerate = true +- All PAM actions will now perform a forced initgroups lookup instead of just +- a user information lookup +- This guarantees that all group information is available to other +- providers, such as the simple provider. +- For backwards-compatibility, DNS lookups will also fall back to trying the +- SSSD domain name as a DNS discovery domain. +- Support for more password expiration policies in LDAP +- 389 Directory Server +- FreeIPA +- ActiveDirectory +- Support for ldap_tls_{cert,key,cipher_suite} config options +-Assorted bugfixes + +* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2 +- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins + +* Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1 +- New upstream release 1.5.0 +- Fixed issues with LDAP search filters that needed to be escaped +- Add Kerberos FAST support on platforms that support it +- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials +- Added a Kerberos access provider to honor .k5login +- Addressed several thread-safety issues in the sss_client code +- Improved support for delayed online Kerberos auth +- Significantly reduced time between connecting to the network/VPN and +- acquiring a TGT +- Added feature for automatic Kerberos ticket renewal +- Provides the kerberos ticket for long-lived processes or cron jobs +- even when the user logs out +- Added several new features to the LDAP access provider +- Support for 'shadow' access control +- Support for authorizedService access control +- Ability to mix-and-match LDAP access control features +- Added an option for a separate password-change LDAP server for those +- platforms where LDAP referrals are not supported +- Added support for manpage translations + + +* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3 +- Solve a shutdown race-condition that sometimes left processes running +- Resolves: rhbz#606887 - SSSD stops on upgrade + +* Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2 +- Log startup errors to the syslog +- Allow cache cleanup to be disabled in sssd.conf + +* Mon Nov 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1 +- New upstream release 1.4.1 +- Add support for netgroups to the proxy provider +- Fixes a minor bug with UIDs/GIDs >= 2^31 +- Fixes a segfault in the kerberos provider +- Fixes a segfault in the NSS responder if a data provider crashes +- Correctly use sdap_netgroup_search_base + +* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2 +- Fix incorrect tarball URL + +* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1 +- New upstream release 1.4.0 +- Added support for netgroups to the LDAP provider +- Performance improvements made to group processing of RFC2307 LDAP servers +- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin +- Build-system improvements to support Gentoo +- Split out several libraries into the ding-libs tarball +- Manpage reviewed and updated + +* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-35 +- Fix pre and post script requirements + +* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-34 +- Resolves: rhbz#606887 - sssd stops on upgrade + +* Fri Oct 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-33 +- Resolves: rhbz#626205 - Unable to unlock screen + +* Tue Sep 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-32 +- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but +- doesn't require it + +* Thu Sep 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-31 +- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib + +* Tue Aug 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-30 +- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate +- against LDAP + +* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.2.91-21 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.91-20 +- New upstream version 1.2.91 (1.3.0rc1) +- Improved LDAP failover +- Synchronous sysdb API (provides performance enhancements) +- Better online reconnection detection + +* Mon Jun 21 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15 +- New stable upstream version 1.2.1 +- Resolves: rhbz#595529 - spec file should eschew %%define in favor of +- %%global +- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service +- to fail while restart. +- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel +- keyring +- Resolves: rhbz#599724 - sssd is broken on Rawhide + +* Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12 +- New stable upstream version 1.2.0 +- Support ServiceGroups for FreeIPA v2 HBAC rules +- Fix long-standing issue with auth_provider = proxy +- Better logging for TLS issues in LDAP + +* Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11 +- New LDAP access provider allows for filtering user access by LDAP attribute +- Reduced default timeout for detecting offline status with LDAP +- GSSAPI ticket lifetime made configurable +- Better offline->online transition support in Kerberos + +* Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10 +- Release new upstream version 1.1.91 +- Enhancements when using SSSD with FreeIPA v2 +- Support for deferred kinit +- Support for DNS SRV records for failover + +* Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3 +- Bump up release number to avoid library sub-packages version issues with + previous releases. + +* Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1 +- New upstream release 1.1.1 +- Fixed the IPA provider (which was segfaulting at start) +- Fixed a bug in the SSSDConfig API causing some options to revert to +- their defaults +- This impacted the Authconfig UI +- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal + +* Tue Mar 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2 +- Release SSSD 1.1.0 final +- Fix two potential segfaults +- Fix memory leak in monitor +- Better error message for unusable confdb + +* Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19 +- Release candidate for SSSD 1.1 +- Add simple access provider +- Create subpackages for libcollection, libini_config, libdhash and librefarray +- Support IPv6 +- Support LDAP referrals +- Fix cache issues +- Better feedback from PAM when offline + +* Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2 +- Rebuild against new libtevent + +* Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1 +- Fix licenses in sources and on RPMs + +* Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1 +- Fix regression on 64-bit platforms + +* Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1 +- Fixes link error on platforms that do not do implicit linking +- Fixes double-free segfault in PAM +- Fixes double-free error in async resolver +- Fixes support for TCP-based DNS lookups in async resolver +- Fixes memory alignment issues on ARM processors +- Manpage fixes + +* Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1 +- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online +- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests +- Several segfault bugfixes + +* Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1 +- Fix CVE-2010-0014 + +* Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2 +- Patch SSSDConfig API to address +- https://bugzilla.redhat.com/show_bug.cgi?id=549482 + +* Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1 +- New upstream stable release 1.0.0 + +* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1 +- New upstream bugfix release 0.99.1 + +* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1 +- New upstream release 0.99.0 + +* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1 +- Fix segfault in sssd_pam when cache_credentials was enabled +- Update the sample configuration +- Fix upgrade issues caused by data provider service removal + +* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2 +- Fix upgrade issues from old (pre-0.5.0) releases of SSSD + +* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1 +- New upstream release 0.7.0 + +* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2 +- Fix missing file permissions for sssd-clients + +* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1 +- Add SSSDConfig API +- Update polish translation for 0.6.0 +- Fix long timeout on ldap operation +- Make dp requests more robust + +* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1 +- Ensure that the configuration upgrade script always writes the config + file with 0600 permissions +- Eliminate an infinite loop in group enumerations + +* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0 +- New upstream release 0.6.0 + +* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0 +- New upstream release 0.5.0 + +* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4 +- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in + without a password. (Patch by Stephen Gallagher) + +* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2 +- Fix a couple of segfaults that may happen on reload + +* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1 +- add missing configure check that broke stopping the daemon +- also fix default config to add a missing required option + +* Mon Jun 8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0 +- latest upstream release. +- also add a patch that fixes debugging output (potential segfault) + +* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2 +- release out of the official 0.3.2 tarball + +* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1 +- bugfix release 0.3.2 +- includes previous release patches +- change permissions of the /etc/sssd/sssd.conf to 0600 + +* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2 +- Add last minute bug fixes, found in testing the package + +* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1 +- Version 0.3.1 +- includes previous release patches + +* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2 +- Try to fix build adding automake as an explicit BuildRequire +- Add also a couple of last minute patches from upstream + +* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1 +- Version 0.3.0 +- Provides file based configuration and lots of improvements + +* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1 +- Version 0.2.1 + +* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1 +- Version 0.2.0 + +* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3 +- package git snapshot + +* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4 +- fixed items found during review +- added initscript + +* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3 +- added sss_client + +* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2 +- Small cleanup and fixes in the spec file + +* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1 +- Initial release (based on version 0.1.0 upstream code)