From 0d097b9920e1e6f8bd897f3956f667e9947e7a75 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 28 2020 09:34:45 +0000 Subject: import sssd-2.2.3-20.el8 --- diff --git a/.gitignore b/.gitignore index bffaf09..eee5b09 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/sssd-2.2.0.tar.gz +SOURCES/sssd-2.2.3.tar.gz diff --git a/.sssd.metadata b/.sssd.metadata index 637397e..3fa9e18 100644 --- a/.sssd.metadata +++ b/.sssd.metadata @@ -1 +1 @@ -6c4ba24eb19a821c69e19675e76f01c94cbd5aa0 SOURCES/sssd-2.2.0.tar.gz +c2b457f85586750f5b22bfedd4cbca5b6f8fdb88 SOURCES/sssd-2.2.3.tar.gz diff --git a/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch b/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch new file mode 100644 index 0000000..124b9be --- /dev/null +++ b/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch @@ -0,0 +1,35 @@ +From b626651847e188e89a332b8ac4bfaaa5047e1b3d Mon Sep 17 00:00:00 2001 +From: Tomas Halman +Date: Tue, 10 Dec 2019 16:30:32 +0100 +Subject: [PATCH] INI: sssctl config-check command error messages +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case of parsing error sssctl config-check command does not give +proper error messages with line number. With this patch the error +message is printed again. + +Resolves: +https://pagure.io/SSSD/sssd/issue/4129 + +Reviewed-by: Michal Židek +--- + src/util/sss_ini.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c +index e3699805d..5d91602cd 100644 +--- a/src/util/sss_ini.c ++++ b/src/util/sss_ini.c +@@ -865,6 +865,7 @@ int sss_ini_read_sssd_conf(struct sss_ini *self, + + ret = sss_ini_parse(self); + if (ret != EOK) { ++ sss_ini_config_print_errors(self->error_list); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse configuration.\n"); + return ERR_INI_PARSE_FAILED; + } +-- +2.20.1 + 
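Review bot: In sss_ini_read_sssd_conf() (src/util/sss_ini.c), the added sss_ini_config_print_errors(self->error_list) call runs on every sss_ini_parse() failure, and nothing in this hunk shows that self->error_list is set on all of those paths. Either guard the call with a NULL check or add a comment stating that sss_ini_config_print_errors() accepts an empty or unset list, so that a parse failure occurring before any error has been collected cannot turn into a crash on the error path.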
diff --git a/SOURCES/0001-MAN-ldap_user_home_directory-default-missing.patch b/SOURCES/0001-MAN-ldap_user_home_directory-default-missing.patch deleted file mode 100644 index e0de1f3..0000000 --- a/SOURCES/0001-MAN-ldap_user_home_directory-default-missing.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 52cdf289ff9b40a203d7f823b8dad85501c7404c Mon Sep 17 00:00:00 2001 -From: Tomas Halman -Date: Wed, 19 Jun 2019 10:15:30 +0200 -Subject: [PATCH 1/2] MAN: ldap_user_home_directory default missing -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The default value of "ldap_user_home_directory" is "homeDirectory" -but for AD provider it is "unixHomeDirectory" - -Resolves: -https://bugzilla.redhat.com/show_bug.cgi?id=1673443 - -Reviewed-by: Michal Židek -(cherry picked from commit 01ea70fa8cc91f05a726d1dea3c64bd776dc3517) ---- - src/man/sssd-ldap.5.xml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml -index b6496b50f..f0bc82db5 100644 ---- a/src/man/sssd-ldap.5.xml -+++ b/src/man/sssd-ldap.5.xml -@@ -373,7 +373,7 @@ - home directory. - - -- Default: homeDirectory -+ Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD) - - - --- -2.20.1 - diff --git a/SOURCES/0002-PROXY-Return-data-in-output-parameter-if-everything-.patch b/SOURCES/0002-PROXY-Return-data-in-output-parameter-if-everything-.patch deleted file mode 100644 index 0879227..0000000 --- a/SOURCES/0002-PROXY-Return-data-in-output-parameter-if-everything-.patch +++ /dev/null 
@@ -1,135 +0,0 @@ -From 59c0d659fc71b47278c2faadaa844e8516454626 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Fri, 28 Jun 2019 16:27:21 +0200 -Subject: [PATCH 2/2] PROXY: Return data in output parameter if everything is - OK - -The function remove_duplicate_group_members might return EOK also in the middle -of function but return parameter was not set with right data. -Processing continued in the function save_group but there was a -dereference of NULL pointer. - -Introduced in: https://pagure.io/SSSD/sssd/issue/3931 - -Crash: - (gdb) bt - #0 0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap", - alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748 - #1 0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=, - ctx=) at src/providers/proxy/proxy_id.c:1160 - #2 0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0) - at src/providers/proxy/proxy_id.c:1553 - #3 get_initgr (i_name=, dom=0x55c9a0efb420, sysdb=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461 - #4 proxy_account_info (domain=0x55c9a0efb420, be_ctx=, data=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659 - #5 proxy_account_info_handler_send (mem_ctx=, id_ctx=0x55c9a0f048e0, data=, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758 - #6 0x000055c99fc67677 in file_dp_request (_dp_req=, req=0x55c9a0f39470, request_data=, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID, - name=, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=) at src/providers/data_provider/dp_request.c:250 - #7 dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, 
domain=domain@entry=0x55c9a0f39190 "LDAP", name=, target=target@entry=DPT_ID, - method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295 - #8 0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=, ev=0x55c9a0eddbc0, sbus_req=, provider=0x55c9a0efe0e0, dp_flags=1, - entry_type=, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528 - #9 0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=, tv=..., private_data=) at src/sss_iface/sbus_sss_invokers.c:2847 - #10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0 - #11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0 - #12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0 - #13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0 - #14 0x00007fb4d9cf5b5d in _tevent_loop_once () from /lib64/libtevent.so.0 - #15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0 - #16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0 - #17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724 - #18 0x000055c99fc59760 in main (argc=8, argv=) at src/providers/data_provider_be.c:747 - (gdb) l - (gdb) bt - #0 0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap", - alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748 - #1 0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=, - ctx=) at src/providers/proxy/proxy_id.c:1160 - #2 0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, 
pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0) - at src/providers/proxy/proxy_id.c:1553 - #3 get_initgr (i_name=, dom=0x55c9a0efb420, sysdb=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461 - #4 proxy_account_info (domain=0x55c9a0efb420, be_ctx=, data=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659 - #5 proxy_account_info_handler_send (mem_ctx=, id_ctx=0x55c9a0f048e0, data=, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758 - #6 0x000055c99fc67677 in file_dp_request (_dp_req=, req=0x55c9a0f39470, request_data=, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID, - name=, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=) at src/providers/data_provider/dp_request.c:250 - #7 dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, domain=domain@entry=0x55c9a0f39190 "LDAP", name=, target=target@entry=DPT_ID, - method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295 - #8 0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=, ev=0x55c9a0eddbc0, sbus_req=, provider=0x55c9a0efe0e0, dp_flags=1, - entry_type=, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528 - #9 0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=, tv=..., private_data=) at src/sss_iface/sbus_sss_invokers.c:2847 - #10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0 - #11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0 - #12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0 - #13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0 - #14 0x00007fb4d9cf5b5d in 
_tevent_loop_once () from /lib64/libtevent.so.0 - #15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0 - #16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0 - #17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724 - #18 0x000055c99fc59760 in main (argc=8, argv=) at src/providers/data_provider_be.c:747 - (gdb) l - 733 ret = remove_duplicate_group_members(tmp_ctx, grp, &ngroup); - 734 if (ret != EOK) { - 735 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove duplicate group member s\n"); - 736 goto done; - 737 } - 738 - 739 DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, ngroup); - 740 - 741 ret = sysdb_transaction_start(sysdb); - 742 if (ret != EOK) { - 743 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); - 744 goto done; - 745 } - 746 in_transaction = true; - 747 - 748 if (ngroup->gr_mem && ngroup->gr_mem[0]) { - 749 attrs = sysdb_new_attrs(tmp_ctx); - 750 if (!attrs) { - 751 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n"); - 752 ret = ENOMEM; - (gdb) p ngroup - $1 = (struct group *) 0x0 - 743 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); - 744 goto done; - 745 } - 746 in_transaction = true; - 747 - 748 if (ngroup->gr_mem && ngroup->gr_mem[0]) { - 749 attrs = sysdb_new_attrs(tmp_ctx); - 750 if (!attrs) { - 751 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n"); - 752 ret = ENOMEM; - (gdb) p ngroup - $1 = (struct group *) 0x0 - -Merges: https://pagure.io/SSSD/sssd/pull-request/4036 - -Resolves: -https://pagure.io/SSSD/sssd/issue/4037 - -Reviewed-by: Jakub Hrozek -(cherry picked from commit e1b678c0cce73494d986610920b03956c1dbb62a) ---- - src/providers/proxy/proxy_id.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c -index e1be29076..91105ce5a 100644 ---- a/src/providers/proxy/proxy_id.c -+++ b/src/providers/proxy/proxy_id.c -@@ -698,10 +698,12 @@ static errno_t 
remove_duplicate_group_members(TALLOC_CTX *mem_ctx, - } - grp->gr_mem[i] = NULL; - -- *_grp = talloc_steal(mem_ctx, grp); - ret = EOK; - - done: -+ if (ret == EOK) { -+ *_grp = talloc_steal(mem_ctx, grp); -+ } - talloc_zfree(tmp_ctx); - - return ret; --- -2.20.1 - diff --git a/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch b/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch new file mode 100644 index 0000000..1eee827 --- /dev/null +++ b/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch @@ -0,0 +1,42 @@ +From 21cb9fb28db1f2eb4ee770eb029bfe20233e4392 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 12 Dec 2019 13:10:16 +0100 +Subject: [PATCH] certmap: mention special regex characters in man page +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since some of the matching rules use regular expressions some characters +must be escaped so that they can be used a ordinary characters in the +rules. + +Related to https://pagure.io/SSSD/sssd/issue/4127 + +Reviewed-by: Michal Židek +--- + src/man/sss-certmap.5.xml | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/man/sss-certmap.5.xml b/src/man/sss-certmap.5.xml +index db258d14a..10343625e 100644 +--- a/src/man/sss-certmap.5.xml ++++ b/src/man/sss-certmap.5.xml +@@ -92,6 +92,15 @@ + + Example: <SUBJECT>.*,DC=MY,DC=DOMAIN + ++ ++ Please note that the characters "^.[$()|*+?{\" have a ++ special meaning in regular expressions and must be ++ escaped with the help of the '\' character so that they ++ are matched as ordinary characters. ++ ++ ++ Example: <SUBJECT>^CN=.* \(Admin\),DC=MY,DC=DOMAIN$ ++ + + + +-- +2.20.1 + diff --git a/SOURCES/0003-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch b/SOURCES/0003-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch deleted file mode 100644 index 1053167..0000000 
--- a/SOURCES/0003-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From 5afd3f6030a78d1c3631c645955c0804b7e7abce Mon Sep 17 00:00:00 2001 -From: Tomas Halman -Date: Mon, 24 Jun 2019 15:58:09 +0200 -Subject: [PATCH 3/4] LDAP: failover does not work on non-responsive ldaps - -In case ldaps:// is used, then establishing the secure socket is -a sychronous operation. If there's nothing on the other end, then -the process would be stuck waiting in for the crypto library -to finish. - -Here we set socket read/write timeout so the operation can finish -in reasonable time with an error. The ldap_network_timeout -option is used for this timeout. - -Resolves: -https://pagure.io/SSSD/sssd/issue/2878 - -Reviewed-by: Alexey Tikhonov -Reviewed-by: Jakub Hrozek ---- - src/util/sss_sockets.c | 26 ++++++++++++++++++++++++-- - 1 file changed, 24 insertions(+), 2 deletions(-) - -diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c -index 5e9be9ebd..0e4d8df8a 100644 ---- a/src/util/sss_sockets.c -+++ b/src/util/sss_sockets.c -@@ -74,10 +74,11 @@ static errno_t set_fcntl_flags(int fd, int fd_flags, int fl_flags) - return EOK; - } - --static errno_t set_fd_common_opts(int fd) -+static errno_t set_fd_common_opts(int fd, int timeout) - { - int dummy = 1; - int ret; -+ struct timeval tv; - - /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but - * failures are ignored.*/ -@@ -97,6 +98,27 @@ static errno_t set_fd_common_opts(int fd) - strerror(ret)); - } - -+ if (timeout > 0) { -+ /* Set socket read & write timeout */ -+ tv = tevent_timeval_set(timeout, 0); -+ -+ ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); -+ if (ret != 0) { -+ ret = errno; -+ DEBUG(SSSDBG_FUNC_DATA, -+ "setsockopt SO_RCVTIMEO failed.[%d][%s].\n", ret, -+ strerror(ret)); -+ } -+ -+ ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); -+ if (ret != 0) { -+ ret = errno; -+ DEBUG(SSSDBG_FUNC_DATA, -+ "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret, -+ strerror(ret)); -+ } -+ } -+ - return EOK; - } - -@@ -264,7 +286,7 
@@ struct tevent_req *sssd_async_socket_init_send(TALLOC_CTX *mem_ctx, - goto fail; - } - -- ret = set_fd_common_opts(state->sd); -+ ret = set_fd_common_opts(state->sd, timeout); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "set_fd_common_opts failed.\n"); - goto fail; --- -2.20.1 - diff --git a/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch b/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch new file mode 100644 index 0000000..c0d5c51 --- /dev/null +++ b/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch 
@@ -0,0 +1,98 @@ +From 580d61884b6c0a81357d8f9fa69fe69d1f017185 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 6 Dec 2019 12:29:49 +0100 +Subject: [PATCH] ldap_child: do not try PKINIT + +if the PKINIT plugin is installed and pkinit_identities is set in +/etc/krb5.conf libkrb5 will try to do PKINIT although ldap_child only +wants to authenticate with a keytab. As a result ldap_child might try to +access a Smartcard which is either not allowed at all or might cause +unexpected delays. + +To avoid this the current patch sets pkinit_identities for LDAP child +explicitly to make the PKINIT plugin fail because if installed libkrb5 +will always use it. + +It turned out the setting pre-authentication options requires some +internal flags to be set and krb5_get_init_creds_opt_alloc() must be +used to initialize the options struct. + +Related to https://pagure.io/SSSD/sssd/issue/4126 + +Reviewed-by: Alexey Tikhonov +--- + src/providers/ldap/ldap_child.c | 30 ++++++++++++++++++++++-------- + 1 file changed, 22 insertions(+), 8 deletions(-) + +diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c +index 408d64db4..b081df90f 100644 +--- a/src/providers/ldap/ldap_child.c ++++ b/src/providers/ldap/ldap_child.c +@@ -277,7 +277,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, + krb5_ccache ccache = NULL; + krb5_principal kprinc; + krb5_creds my_creds; +- krb5_get_init_creds_opt options; ++ krb5_get_init_creds_opt *options = NULL; + krb5_error_code krberr; + krb5_timestamp kdc_time_offset; + int canonicalize = 0; +@@ -392,19 +392,32 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, + } + + memset(&my_creds, 0, sizeof(my_creds)); +- memset(&options, 0, sizeof(options)); + +- krb5_get_init_creds_opt_set_address_list(&options, NULL); +- krb5_get_init_creds_opt_set_forwardable(&options, 0); +- krb5_get_init_creds_opt_set_proxiable(&options, 0); +- krb5_get_init_creds_opt_set_tkt_life(&options, lifetime); ++ 
krberr = krb5_get_init_creds_opt_alloc(context, &options); ++ if (krberr != 0) { ++ DEBUG(SSSDBG_OP_FAILURE, "krb5_get_init_creds_opt_alloc failed.\n"); ++ goto done; ++ } ++ ++ krb5_get_init_creds_opt_set_address_list(options, NULL); ++ krb5_get_init_creds_opt_set_forwardable(options, 0); ++ krb5_get_init_creds_opt_set_proxiable(options, 0); ++ krb5_get_init_creds_opt_set_tkt_life(options, lifetime); ++ krberr = krb5_get_init_creds_opt_set_pa(context, options, ++ "X509_user_identity", ""); ++ if (krberr != 0) { ++ DEBUG(SSSDBG_OP_FAILURE, ++ "krb5_get_init_creds_opt_set_pa failed [%d], ignored.\n", ++ krberr); ++ } ++ + + tmp_str = getenv("KRB5_CANONICALIZE"); + if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) { + DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n"); + canonicalize = 1; + } +- sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize); ++ sss_krb5_get_init_creds_opt_set_canonicalize(options, canonicalize); + + ccname_file = talloc_asprintf(tmp_ctx, "%s/ccache_%s", + DB_PATH, realm_name); +@@ -433,7 +446,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, + } + + krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, +- keytab, 0, NULL, &options); ++ keytab, 0, NULL, options); + if (krberr != 0) { + DEBUG(SSSDBG_OP_FAILURE, + "krb5_get_init_creds_keytab() failed: %d\n", krberr); +@@ -513,6 +526,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, + *expire_time_out = my_creds.times.endtime - kdc_time_offset; + + done: ++ krb5_get_init_creds_opt_free(context, options); + if (krberr != 0) { + if (*_krb5_msg == NULL) { + /* no custom error message provided hence get one from libkrb5 */ +-- +2.20.1 + diff --git a/SOURCES/0004-sudo-use-proper-datetime-for-default-modifyTimestamp.patch b/SOURCES/0004-sudo-use-proper-datetime-for-default-modifyTimestamp.patch deleted file mode 100644 index 0fb3dab..0000000 
--- a/SOURCES/0004-sudo-use-proper-datetime-for-default-modifyTimestamp.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From d15c205bed16f5d138ce5c9335ed9f4aa7d4c25c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 17 Jul 2019 11:57:23 +0200 -Subject: [PATCH 4/4] sudo: use proper datetime for default modifyTimestamp - value - -The current default was simply "1", however OpenLDAP server was unable -to compare modifyTimestamp attribute to simple number. A proper datetime -is required by OpenLDAP. - -It worked correctly on 389-ds. - -Steps to reproduce: -1. install openldap server -2. run sssd -3. there are no sudo rules on the server and there are no cached objects -4. you'll see in the logs that sudo smart refresh uses `(&(&(objectclass=sudoRole)(modifyTimestamp>=1))...` filter (`1` instead of proper datetime value) - -The minimum accepted value by OpenLDAP is 00000101000000Z, as both month and day can not be zero. - -Resolves: -https://pagure.io/SSSD/sssd/issue/4046 ---- - src/providers/ldap/sdap_sudo_shared.c | 18 ++++++++++++++++-- - 1 file changed, 16 insertions(+), 2 deletions(-) - -diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c -index d2f24ed6e..93a977626 100644 ---- a/src/providers/ldap/sdap_sudo_shared.c -+++ b/src/providers/ldap/sdap_sudo_shared.c -@@ -123,11 +123,24 @@ sdap_sudo_ptask_setup_generic(struct be_ctx *be_ctx, - static char * - sdap_sudo_new_usn(TALLOC_CTX *mem_ctx, - unsigned long usn, -- const char *leftover) -+ const char *leftover, -+ bool supports_usn) - { - const char *str = leftover == NULL ? "" : leftover; - char *newusn; - -+ /* This is a fresh start and server uses modifyTimestamp. We need to -+ * provide proper datetime value. 
*/ -+ if (!supports_usn && usn == 0) { -+ newusn = talloc_strdup(mem_ctx, "00000101000000Z"); -+ if (newusn == NULL) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Unable to change USN value (OOM)!\n"); -+ return NULL; -+ } -+ -+ return newusn; -+ } -+ - /* We increment USN number so that we can later use simplify filter - * (just usn >= last+1 instead of usn >= last && usn != last). - */ -@@ -178,7 +191,8 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts, - srv_opts->last_usn = usn_number; - } - -- newusn = sdap_sudo_new_usn(srv_opts, srv_opts->last_usn, endptr); -+ newusn = sdap_sudo_new_usn(srv_opts, srv_opts->last_usn, endptr, -+ srv_opts->supports_usn); - if (newusn == NULL) { - return; - } --- -2.20.1 - diff --git a/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch b/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch new file mode 100644 index 0000000..55e38db --- /dev/null +++ b/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch 
@@ -0,0 +1,52 @@ +From 2c13d8bd00f1e8ff30e9fc81f183f6450303ac30 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Wed, 11 Dec 2019 18:42:49 +0100 +Subject: [PATCH] util/watchdog: fixed watchdog implementation + +In case watchdog detected locked process and this process was parent +process it just sent SIGTERM to the whole group of processes, including +itself. +This handling was wrong: generic `server_setup()` installs custom +libtevent handler for SIGTERM signal so this signal is only processed +in the context of tevent mainloop. But if tevent mainloop is stuck +(exactly the case that triggers WD) then event is not processed +and this made watchdog useless. +`watchdog_handler()` and `watchdog_detect_timeshift()` were amended to do +unconditional `_exit()` after optionally sending a signal to the group. + +Resolves: https://pagure.io/SSSD/sssd/issue/4089 + +Reviewed-by: Sumit Bose +--- + src/util/util_watchdog.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c +index a07275b19..38c248271 100644 +--- a/src/util/util_watchdog.c ++++ b/src/util/util_watchdog.c +@@ -54,9 +54,8 @@ static void watchdog_detect_timeshift(void) + if (write(watchdog_ctx.pipefd[1], "1", 1) != 1) { + if (getpid() == getpgrp()) { + kill(-getpgrp(), SIGTERM); +- } else { +- _exit(1); + } ++ _exit(1); + } + } + } +@@ -75,9 +74,8 @@ static void watchdog_handler(int sig) + if (__sync_add_and_fetch(&watchdog_ctx.ticks, 1) > WATCHDOG_MAX_TICKS) { + if (getpid() == getpgrp()) { + kill(-getpgrp(), SIGTERM); +- } else { +- _exit(1); + } ++ _exit(1); + } + } + +-- +2.20.1 + diff --git a/SOURCES/0005-negcache-add-fq-usernames-of-know-domains-to-all-UPN.patch b/SOURCES/0005-negcache-add-fq-usernames-of-know-domains-to-all-UPN.patch deleted file mode 100644 index 9d2aad4..0000000 --- a/SOURCES/0005-negcache-add-fq-usernames-of-know-domains-to-all-UPN.patch +++ /dev/null 
@@ -1,126 +0,0 @@ -From e7e212b49bbd357129aab410cbbd5c7b1b0965a2 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Mon, 24 Jun 2019 14:01:02 +0200 -Subject: [PATCH] negcache: add fq-usernames of know domains to all UPN - neg-caches - -The previous patch for this issue did not handle user with -fully-qualified names from known domains correctly. Here the user was -only added to the negative cache of the known domain but not to the -negative UPN caches for all domains. This patch fixes this. - -Related to https://pagure.io/SSSD/sssd/issue/3978 - -Reviewed-by: Jakub Hrozek ---- - src/responder/common/negcache.c | 54 ++++++++++++++++---------------- - src/tests/cmocka/test_negcache.c | 17 +++++++++- - 2 files changed, 43 insertions(+), 28 deletions(-) - -diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c -index d6f72d816..d9bf1417e 100644 ---- a/src/responder/common/negcache.c -+++ b/src/responder/common/negcache.c -@@ -1070,37 +1070,37 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, - continue; - } - if (domainname) { -- dom = responder_get_domain(rctx, domainname); -- if (!dom) { -- DEBUG(SSSDBG_CRIT_FAILURE, -- "Unknown domain name [%s], assuming [%s] is UPN\n", -- domainname, filter_list[i]); -- for (dom = domain_list; -- dom != NULL; -- dom = get_next_domain(dom, SSS_GND_ALL_DOMAINS)) { -- ret = sss_ncache_set_upn(ncache, true, dom, filter_list[i]); -- if (ret != EOK) { -- DEBUG(SSSDBG_OP_FAILURE, -- "sss_ncache_set_upn failed (%d [%s]), ignored\n", -- ret, sss_strerror(ret)); -- } -+ DEBUG(SSSDBG_TRACE_ALL, -+ "Adding [%s] to UPN negative cache of all domains.\n", -+ filter_list[i]); -+ for (dom = domain_list; -+ dom != NULL; -+ dom = get_next_domain(dom, SSS_GND_ALL_DOMAINS)) { -+ ret = sss_ncache_set_upn(ncache, true, dom, filter_list[i]); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "sss_ncache_set_upn failed (%d [%s]), ignored\n", -+ ret, sss_strerror(ret)); - } -- continue; - } - -- fqname = 
sss_create_internal_fqname(tmpctx, name, dom->name); -- if (fqname == NULL) { -- continue; -- } -+ /* Add name to domain specific cache for known domain names */ -+ dom = responder_get_domain(rctx, domainname); -+ if (dom != NULL) { -+ fqname = sss_create_internal_fqname(tmpctx, name, dom->name); -+ if (fqname == NULL) { -+ continue; -+ } - -- ret = sss_ncache_set_user(ncache, true, dom, fqname); -- talloc_zfree(fqname); -- if (ret != EOK) { -- DEBUG(SSSDBG_CRIT_FAILURE, -- "Failed to store permanent user filter for [%s]" -- " (%d [%s])\n", filter_list[i], -- ret, strerror(ret)); -- continue; -+ ret = sss_ncache_set_user(ncache, true, dom, fqname); -+ talloc_zfree(fqname); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ "Failed to store permanent user filter for [%s]" -+ " (%d [%s])\n", filter_list[i], -+ ret, strerror(ret)); -+ continue; -+ } - } - } else { - for (dom = domain_list; -diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c -index 7ab8a0981..9d4bdde14 100644 ---- a/src/tests/cmocka/test_negcache.c -+++ b/src/tests/cmocka/test_negcache.c -@@ -637,7 +637,7 @@ static void test_sss_ncache_prepopulate(void **state) - struct sss_domain_info *subdomain; - - struct sss_test_conf_param nss_params[] = { -- { "filter_users", "testuser_nss@UPN.REALM, testuser_nss_short" }, -+ { "filter_users", "testuser_nss@UPN.REALM, testuser_nss_short, all_dom_upn@"TEST_DOM_NAME }, - { NULL, NULL }, - }; - struct sss_test_conf_param dom_params[] = { -@@ -752,6 +752,21 @@ static void test_sss_ncache_prepopulate(void **state) - - ret = sss_ncache_check_upn(ncache, tc->dom, "testuser3@somedomain"); - assert_int_equal(ret, EEXIST); -+ -+ /* Fully qualified names with a known domain part should be added to all -+ * negative UPN caches and to the negative cache of the know domain. 
*/ -+ ret = sss_ncache_check_upn(ncache, tc->dom, "all_dom_upn@"TEST_DOM_NAME); -+ assert_int_equal(ret, EEXIST); -+ -+ ret = sss_ncache_check_upn(ncache, tc->dom->subdomains, -+ "all_dom_upn@"TEST_DOM_NAME); -+ assert_int_equal(ret, EEXIST); -+ -+ ret = check_user_in_ncache(ncache, tc->dom, "all_dom_upn"); -+ assert_int_equal(ret, EEXIST); -+ -+ ret = check_user_in_ncache(ncache, tc->dom->subdomains, "all_dom_upn"); -+ assert_int_equal(ret, ENOENT); - } - - static void test_sss_ncache_default_domain_suffix(void **state) --- -2.20.1 - diff --git a/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch b/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch new file mode 100644 index 0000000..3f7e620 --- /dev/null +++ b/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch 
@@ -0,0 +1,56 @@ +From 1d4a7ffdcf8b303a40058db49d5e1be4bfb8271a Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 9 Dec 2019 17:20:28 +0100 +Subject: [PATCH 5/7] providers/krb5: got rid of unused code +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reviewed-by: Michal Židek +--- + src/providers/krb5/krb5_common.c | 10 ---------- + src/providers/krb5/krb5_common.h | 7 ------- + 2 files changed, 17 deletions(-) + +diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c +index bfda561c1..5c11c347b 100644 +--- a/src/providers/krb5/krb5_common.c ++++ b/src/providers/krb5/krb5_common.c +@@ -1133,16 +1133,6 @@ void remove_krb5_info_files_callback(void *pvt) + talloc_free(ctx); + } + +-void krb5_finalize(struct tevent_context *ev, +- struct tevent_signal *se, +- int signum, +- int count, +- void *siginfo, +- void *private_data) +-{ +- orderly_shutdown(0); +-} +- + errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, + struct sss_domain_info *dom, const char *username, + const char *user_dom, char **_upn) +diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h +index cc9313115..493d12e5f 100644 +--- a/src/providers/krb5/krb5_common.h ++++ b/src/providers/krb5/krb5_common.h +@@ -196,13 +196,6 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, + + void remove_krb5_info_files_callback(void *pvt); + +-void krb5_finalize(struct tevent_context *ev, +- struct tevent_signal *se, +- int signum, +- int count, +- void *siginfo, +- void *private_data); +- + errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm); + + errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, +-- +2.20.1 + diff --git a/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch b/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch new file mode 100644 index 0000000..a8205b7 --- /dev/null 
+++ b/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch 
@@ -0,0 +1,84 @@ +From e41e9b37e4d3fcd8544fb6c591dafbaef0954438 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 9 Dec 2019 17:48:14 +0100 +Subject: [PATCH 6/7] data_provider_be: got rid of duplicating SIGTERM handler +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It was wrong to install two libtevent SIGTERM handlers both of which did +orderly_shutdown()->exit(). Naturally only one of the handlers was executed +(as process was terminated with exit()) and libtevent docs doesn't say +anything about order of execution. But chances are, be_process_finalize() +was executed first so default_quit() was not executed and main_ctx was not +freed. + +Moreover there is just no reason to have separate be_process_finalize() +at all: default server handler default_quit() frees main_ctx. And be_ctx +is linked to main_ctx so will be freed by default handler as well. + +Resolves: https://pagure.io/SSSD/sssd/issue/4088 + +Reviewed-by: Michal Židek +--- + src/providers/data_provider_be.c | 37 -------------------------------- + 1 file changed, 37 deletions(-) + +diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c +index cfcf0268d..ce00231ff 100644 +--- a/src/providers/data_provider_be.c ++++ b/src/providers/data_provider_be.c +@@ -445,36 +445,6 @@ be_register_monitor_iface(struct sbus_connection *conn, struct be_ctx *be_ctx) + return sbus_connection_add_path_map(be_ctx->mon_conn, paths); + } + +-static void be_process_finalize(struct tevent_context *ev, +- struct tevent_signal *se, +- int signum, +- int count, +- void *siginfo, +- void *private_data) +-{ +- struct be_ctx *be_ctx; +- +- be_ctx = talloc_get_type(private_data, struct be_ctx); +- talloc_free(be_ctx); +- orderly_shutdown(0); +-} +- +-static errno_t be_process_install_sigterm_handler(struct be_ctx *be_ctx) +-{ +- struct tevent_signal *sige; +- +- BlockSignals(false, SIGTERM); +- +- sige = tevent_add_signal(be_ctx->ev, be_ctx, SIGTERM, 
SA_SIGINFO, +- be_process_finalize, be_ctx); +- if (sige == NULL) { +- DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); +- return ENOMEM; +- } +- +- return EOK; +-} +- + static void dp_initialized(struct tevent_req *req); + + errno_t be_process_init(TALLOC_CTX *mem_ctx, +@@ -566,13 +536,6 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx, + goto done; + } + +- /* Install signal handler */ +- ret = be_process_install_sigterm_handler(be_ctx); +- if (ret != EOK) { +- DEBUG(SSSDBG_CRIT_FAILURE, "be_install_sigterm_handler failed.\n"); +- goto done; +- } +- + req = dp_init_send(be_ctx, be_ctx->ev, be_ctx, be_ctx->uid, be_ctx->gid); + if (req == NULL) { + ret = ENOMEM; +-- +2.20.1 + diff --git a/SOURCES/0006-p11_child-prefer-better-digest-function-if-card-supp.patch b/SOURCES/0006-p11_child-prefer-better-digest-function-if-card-supp.patch deleted file mode 100644 index b46cf3d..0000000 --- a/SOURCES/0006-p11_child-prefer-better-digest-function-if-card-supp.patch +++ /dev/null 
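Review bot: the removed be_process_install_sigterm_handler() in src/providers/data_provider_be.c did two things, and the commit message accounts for only one of them. Besides registering be_process_finalize(), it called `BlockSignals(false, SIGTERM);`. With that call gone, the message should say where SIGTERM is now unblocked for the backend process (presumably the same server setup that installs default_quit()), or the unblock should stay in be_process_init().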
@@ -1,147 +0,0 @@ -From 7f0a8f5060b28dc35e152d7290b583de99361d80 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 2 Jul 2019 17:11:50 +0200 -Subject: [PATCH 6/7] p11_child: prefer better digest function if card supports - it - -To improve FIPS compliance and security in general p11_child now checks -which message digest functions (hashes) are support for RSA keys and -tries to use the highest bit length supported. - -For EC keys sha512 is used unconditionally. - -Related to https://pagure.io/SSSD/sssd/issue/4039 - -Reviewed-by: Alexey Tikhonov ---- - src/p11_child/p11_child_openssl.c | 87 +++++++++++++++++++++++++++++-- - 1 file changed, 82 insertions(+), 5 deletions(-) - -diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c -index 007f58c52..7233f39fd 100644 ---- a/src/p11_child/p11_child_openssl.c -+++ b/src/p11_child/p11_child_openssl.c -@@ -1097,7 +1097,75 @@ static int rs_to_seq(TALLOC_CTX *mem_ctx, CK_BYTE *rs_sig, CK_ULONG rs_sig_len, - return EOK; - } - -+static CK_RV get_preferred_rsa_mechanism(TALLOC_CTX *mem_ctx, -+ CK_FUNCTION_LIST *module, -+ CK_SLOT_ID slot_id, -+ CK_MECHANISM_TYPE *preferred_mechanism, -+ const EVP_MD **preferred_evp_md) -+{ -+ CK_ULONG count; -+ CK_MECHANISM_TYPE *mechanism_list = NULL; -+ CK_RV rv; -+ size_t c; -+ size_t m; -+ struct prefs { -+ CK_MECHANISM_TYPE mech; -+ const char *mech_name; -+ const EVP_MD *evp_md; -+ const char *md_name; -+ } prefs[] = { -+ { CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS", EVP_sha512(), "sha512" }, -+ { CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS", EVP_sha384(), "sha384" }, -+ { CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS", EVP_sha256(), "sha256" }, -+ { CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS", EVP_sha224(), "sha224" }, -+ { CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS", EVP_sha1(), "sha1" }, -+ { 0, NULL } -+ }; -+ -+ *preferred_mechanism = CKM_SHA1_RSA_PKCS; -+ *preferred_evp_md = EVP_sha1(); -+ -+ rv = module->C_GetMechanismList(slot_id, NULL, &count); -+ if (rv == 
CKR_OK && count > 0) { -+ mechanism_list = talloc_size(mem_ctx, -+ count * sizeof(CK_MECHANISM_TYPE)); -+ if (mechanism_list != NULL) { -+ rv = module->C_GetMechanismList(slot_id, mechanism_list, &count); -+ if (rv == CKR_OK) { -+ if (DEBUG_IS_SET(SSSDBG_TRACE_ALL)) { -+ for (m = 0; m < count; m++) { -+ DEBUG(SSSDBG_TRACE_ALL, "Found mechanism [%lu].\n", -+ mechanism_list[m]); -+ } -+ } -+ for (c = 0; prefs[c].mech != 0; c++) { -+ for (m = 0; m < count; m++) { -+ if (prefs[c].mech == mechanism_list[m]) { -+ *preferred_mechanism = prefs[c].mech; -+ *preferred_evp_md = prefs[c].evp_md; -+ DEBUG(SSSDBG_FUNC_DATA, -+ "Using PKCS#11 mechanism [%lu][%s] and " -+ "local message digest [%s].\n", -+ *preferred_mechanism, prefs[c].mech_name, -+ prefs[c].md_name); -+ break; -+ } -+ } -+ if (m != count) { -+ break; -+ } -+ } -+ } -+ } -+ } -+ -+ talloc_free(mechanism_list); -+ -+ return rv; -+} -+ - static int sign_data(CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, -+ CK_SLOT_ID slot_id, - struct cert_list *cert) - { - CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY; -@@ -1108,6 +1176,7 @@ static int sign_data(CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, - {CKA_ID, NULL, 0} - }; - CK_MECHANISM mechanism = { CK_UNAVAILABLE_INFORMATION, NULL, 0 }; -+ CK_MECHANISM_TYPE preferred_mechanism; - CK_OBJECT_HANDLE priv_key_object; - CK_ULONG object_count; - CK_BYTE random_value[128]; -@@ -1157,15 +1226,23 @@ static int sign_data(CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, - - switch (get_key_type(module, session, priv_key_object)) { - case CKK_RSA: -- DEBUG(SSSDBG_TRACE_ALL, "Found RSA key using CKM_SHA1_RSA_PKCS.\n"); -- mechanism.mechanism = CKM_SHA1_RSA_PKCS; -- evp_md = EVP_sha1(); -+ rv = get_preferred_rsa_mechanism(cert, module, slot_id, -+ &preferred_mechanism, &evp_md); -+ if (rv != CKR_OK) { -+ DEBUG(SSSDBG_OP_FAILURE, "get_preferred_rsa_mechanism failed, " -+ "using default CKM_SHA1_RSA_PKCS.\n"); -+ preferred_mechanism = CKM_SHA1_RSA_PKCS; -+ evp_md = 
EVP_sha1(); -+ } -+ DEBUG(SSSDBG_TRACE_ALL, "Found RSA key using mechanism [%lu].\n", -+ preferred_mechanism); -+ mechanism.mechanism = preferred_mechanism; - card_does_hash = true; - break; - case CKK_EC: - DEBUG(SSSDBG_TRACE_ALL, "Found ECC key using CKM_ECDSA.\n"); - mechanism.mechanism = CKM_ECDSA; -- evp_md = EVP_sha1(); -+ evp_md = EVP_sha512(); - card_does_hash = false; - break; - case CK_UNAVAILABLE_INFORMATION: -@@ -1662,7 +1739,7 @@ errno_t do_card(TALLOC_CTX *mem_ctx, struct p11_ctx *p11_ctx, - goto done; - } - -- ret = sign_data(module, session, cert_list); -+ ret = sign_data(module, session, slot_id, cert_list); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "sign_data failed.\n"); - ret = EACCES; --- -2.20.1 - diff --git a/SOURCES/0007-p11_child-fix-a-memory-leak-and-other-memory-mangeme.patch b/SOURCES/0007-p11_child-fix-a-memory-leak-and-other-memory-mangeme.patch deleted file mode 100644 index 6abe806..0000000 --- a/SOURCES/0007-p11_child-fix-a-memory-leak-and-other-memory-mangeme.patch +++ /dev/null 
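Review bot: this deletion drops the downstream change that took RSA signing in sign_data() off the hard-coded CKM_SHA1_RSA_PKCS, and nothing in the import states that the 2.2.3 tarball already carries get_preferred_rsa_mechanism(); that should be confirmed before the patch file is removed. On the patch itself: when the slot reports no mechanisms, when talloc_size() returns NULL, or when none of the prefs[] entries match, the function returns CKR_OK with the SHA-1 defaults and logs nothing, so the caller's "using default CKM_SHA1_RSA_PKCS" message never fires and the downgrade is invisible. A DEBUG line on each of those paths would fix that.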
@@ -1,49 +0,0 @@ -From 60748f69d9e21cf4cfd0655a0d7b81a715e9ae04 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 2 Jul 2019 21:58:15 +0200 -Subject: [PATCH 7/7] p11_child: fix a memory leak and other memory mangement - issues - -EVP_MD_CTX_create() was called without matching EVP_MD_CTX_destroy(). - -Reviewed-by: Alexey Tikhonov ---- - src/p11_child/p11_child_openssl.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c -index 7233f39fd..64d2d759c 100644 ---- a/src/p11_child/p11_child_openssl.c -+++ b/src/p11_child/p11_child_openssl.c -@@ -986,9 +986,9 @@ static int do_hash(TALLOC_CTX *mem_ctx, const EVP_MD *evp_md, - - done: - -+ EVP_MD_CTX_free(md_ctx); - if (ret != EOK) { - free(out); -- EVP_MD_CTX_free(md_ctx); - } - - return ret; -@@ -1187,7 +1187,7 @@ static int sign_data(CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, - CK_RV rv; - CK_RV rv_f; - EVP_PKEY *cert_pub_key = NULL; -- EVP_MD_CTX *md_ctx; -+ EVP_MD_CTX *md_ctx = NULL; - int ret; - const EVP_MD *evp_md = NULL; - CK_BYTE *hash_val = NULL; -@@ -1358,6 +1358,8 @@ static int sign_data(CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, - ret = EOK; - - done: -+ EVP_MD_CTX_destroy(md_ctx); -+ talloc_free(hash_val); - talloc_free(signature); - EVP_PKEY_free(cert_pub_key); - --- -2.20.1 - diff --git a/SOURCES/0007-util-server-improved-debug-at-shutdown.patch b/SOURCES/0007-util-server-improved-debug-at-shutdown.patch new file mode 100644 index 0000000..727d7cc --- /dev/null +++ b/SOURCES/0007-util-server-improved-debug-at-shutdown.patch 
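Review bot: the subject of the p11_child memory patch promises "other memory mangement issues", but the body explains only the missing EVP_MD_CTX_destroy(). The new `talloc_free(hash_val);` at done: in sign_data() and the `md_ctx = NULL` initialisation each deserve a line, since the NULL init is what makes the unconditional destroy safe if done: is reached before md_ctx is assigned. The file also now mixes EVP_MD_CTX_free() in do_hash() with EVP_MD_CTX_destroy() in sign_data(); pick one.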
@@ -0,0 +1,32 @@ +From 3f52de891cba55230730602d41c3811cf1b17d96 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 9 Dec 2019 18:26:56 +0100 +Subject: [PATCH 7/7] util/server: improved debug at shutdown +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Relates: https://pagure.io/SSSD/sssd/issue/4088 + +Reviewed-by: Michal Židek +--- + src/util/server.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/util/server.c b/src/util/server.c +index ee57ac128..33524066e 100644 +--- a/src/util/server.c ++++ b/src/util/server.c +@@ -242,7 +242,8 @@ void orderly_shutdown(int status) + kill(-getpgrp(), SIGTERM); + } + #endif +- if (status == 0) sss_log(SSS_LOG_INFO, "Shutting down"); ++ DEBUG(SSSDBG_IMPORTANT_INFO, "Shutting down (status = %d)", status); ++ sss_log(SSS_LOG_INFO, "Shutting down (status = %d)", status); + exit(status); + } + +-- +2.20.1 + diff --git a/SOURCES/0008-man-fix-description-of-dns_resolver_op_timeout.patch b/SOURCES/0008-man-fix-description-of-dns_resolver_op_timeout.patch deleted file mode 100644 index e8624ce..0000000 --- a/SOURCES/0008-man-fix-description-of-dns_resolver_op_timeout.patch +++ /dev/null 
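Review bot: the new DEBUG() call in orderly_shutdown() has no trailing "\n" in its format string, unlike the other DEBUG() messages in this series (for example "tevent_add_signal failed.\n"); add it. The hunk also removes the `if (status == 0)` guard, so sss_log() now fires on non-zero exits as well. The commit message has no body, and that behaviour change should be stated there.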
@@ -1,36 +0,0 @@ -From 7b4635c8428917ced63954f2c3c70491b45d7870 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 11 Jun 2019 13:49:13 +0200 -Subject: [PATCH 08/12] man: fix description of dns_resolver_op_timeout - -Resolves: -https://pagure.io/SSSD/sssd/issue/3217 - -Reviewed-by: Jakub Hrozek -Reviewed-by: Sumit Bose ---- - src/man/include/failover.xml | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml -index cd6fd4d79..11ff86a38 100644 ---- a/src/man/include/failover.xml -+++ b/src/man/include/failover.xml -@@ -77,7 +77,13 @@ - - - -- How long would SSSD talk to a single DNS server. -+ Time in seconds to tell how long would SSSD try -+ to resolve single DNS query (e.g. resolution of a -+ hostname or an SRV record) before trying the next -+ hostname or discovery domain. -+ -+ -+ Default: 6 - - - --- -2.20.1 - diff --git a/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch b/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch new file mode 100644 index 0000000..4370350 --- /dev/null +++ b/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch 
@@ -0,0 +1,52 @@ +From 26e33b1984cce3549df170f58f8221201ad54cfd Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Tue, 7 Jan 2020 16:29:05 +0100 +Subject: [PATCH] util/sss_ptr_hash: fixed double free in + sss_ptr_hash_delete_cb() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Calling data->callback(value->ptr) in sss_ptr_hash_delete_cb() could lead +to freeing of value->ptr and thus to destruction of value->spy that is +attached to value->ptr. +In turn sss_ptr_hash_spy_destructor() calls sss_ptr_hash_delete() -> +hash_delete() -> sss_ptr_hash_delete_cb() again and in this recursive +execution hash entry was actually deleted and value was freed. +When stack was unwound back to "first" sss_ptr_hash_delete_cb() it tried +to free value again => double free. + +To prevent this bug value and hence spy are now freed before execution of +data->callback(value->ptr). + +Resolves: https://pagure.io/SSSD/sssd/issue/4135 + +Reviewed-by: Pavel Březina +--- + src/util/sss_ptr_hash.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index c7403ffa6..8f9762cb9 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -154,13 +154,13 @@ sss_ptr_hash_delete_cb(hash_entry_t *item, + callback_entry.value.type = HASH_VALUE_PTR; + callback_entry.value.ptr = value->ptr; + ++ /* Free value, this also will disable spy */ ++ talloc_free(value); ++ + /* Switch to the input value and call custom callback. */ + if (data->callback != NULL) { + data->callback(&callback_entry, deltype, data->pvt); + } +- +- /* Free value. */ +- talloc_free(value); + } + + hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, +-- +2.20.1 + diff --git a/SOURCES/0009-man-fix-description-of-dns_resolver_timeout.patch b/SOURCES/0009-man-fix-description-of-dns_resolver_timeout.patch deleted file mode 100644 index 4f486f4..0000000 
--- a/SOURCES/0009-man-fix-description-of-dns_resolver_timeout.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 3807de1d97fc87cf7c25af264a8b1bbabdef54e2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 11 Jun 2019 13:49:33 +0200 -Subject: [PATCH 09/12] man: fix description of dns_resolver_timeout - -Resolves: -https://pagure.io/SSSD/sssd/issue/3217 - -Reviewed-by: Jakub Hrozek -Reviewed-by: Sumit Bose ---- - src/man/include/failover.xml | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml -index 11ff86a38..7b451d831 100644 ---- a/src/man/include/failover.xml -+++ b/src/man/include/failover.xml -@@ -98,6 +98,9 @@ - include several steps, such as resolving DNS SRV - queries or locating the site. - -+ -+ Default: 6 -+ - - - --- -2.20.1 - diff --git a/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch b/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch new file mode 100644 index 0000000..212ff00 --- /dev/null +++ b/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch 
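Review bot: for the sss_ptr_hash_delete_cb() fix in src/util/sss_ptr_hash.c above, the diffstat shows one file changed and no test. The recursion described in the message (a delete callback that frees value->ptr and so triggers the spy destructor) is easy to reintroduce, so a unit test whose callback frees the stored pointer should come with the fix. The new comment "Free value, this also will disable spy" should also say why the free has to precede the callback, not only what it does.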
@@ -0,0 +1,195 @@ +From bd201746f8cf0e95615b3e98868555451b5e66b8 Mon Sep 17 00:00:00 2001 +From: Tomas Halman +Date: Mon, 2 Dec 2019 11:11:52 +0100 +Subject: [PATCH] sdap: Add randomness to ldap connection timeout + +In case of mass deployment, mass registration of IPA clients roughly on +the same time leads to regular CPU load spikes on IPA servers, the load +spikes are caused by all/most clients refreshing their LDAP connections +(ldap_connection_expire_timeout) every 15 minutes. + +This patch introduces new random value (from 0 up to +ldap_connection_expire_offset) that is added to the timeout. + +Resolves: +https://pagure.io/SSSD/sssd/issue/3630 + +Reviewed-by: Alexey Tikhonov +--- + src/config/cfg_rules.ini | 1 + + src/config/etc/sssd.api.d/sssd-ad.conf | 1 + + src/config/etc/sssd.api.d/sssd-ipa.conf | 1 + + src/config/etc/sssd.api.d/sssd-ldap.conf | 1 + + src/man/sssd-ldap.5.xml | 19 +++++++++++++++++++ + src/providers/ad/ad_opts.c | 1 + + src/providers/ipa/ipa_opts.c | 1 + + src/providers/ldap/ldap_opts.c | 1 + + src/providers/ldap/sdap.h | 1 + + src/providers/ldap/sdap_async_connection.c | 12 ++++++++++++ + 10 files changed, 39 insertions(+) + +diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini +index 8c73c89ac..c56d5a668 100644 +--- a/src/config/cfg_rules.ini ++++ b/src/config/cfg_rules.ini +@@ -600,6 +600,7 @@ option = ldap_chpass_dns_service_name + option = ldap_chpass_update_last_change + option = ldap_chpass_uri + option = ldap_connection_expire_timeout ++option = ldap_connection_expire_offset + option = ldap_default_authtok + option = ldap_default_authtok_type + option = ldap_default_bind_dn +diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf +index 80e329b3b..aaa0b2345 100644 +--- a/src/config/etc/sssd.api.d/sssd-ad.conf ++++ b/src/config/etc/sssd.api.d/sssd-ad.conf +@@ -58,6 +58,7 @@ ldap_deref = str, None, false + ldap_page_size = int, None, false + ldap_deref_threshold = int, None, false + 
ldap_connection_expire_timeout = int, None, false ++ldap_connection_expire_offset = int, None, false + ldap_disable_paging = bool, None, false + krb5_confd_path = str, None, false + wildcard_limit = int, None, false +diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf +index e2d46db75..7ed153d36 100644 +--- a/src/config/etc/sssd.api.d/sssd-ipa.conf ++++ b/src/config/etc/sssd.api.d/sssd-ipa.conf +@@ -52,6 +52,7 @@ ldap_deref = str, None, false + ldap_page_size = int, None, false + ldap_deref_threshold = int, None, false + ldap_connection_expire_timeout = int, None, false ++ldap_connection_expire_offset = int, None, false + ldap_disable_paging = bool, None, false + krb5_confd_path = str, None, false + wildcard_limit = int, None, false +diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf +index 01c1d7f12..4f73e901e 100644 +--- a/src/config/etc/sssd.api.d/sssd-ldap.conf ++++ b/src/config/etc/sssd.api.d/sssd-ldap.conf +@@ -36,6 +36,7 @@ ldap_deref_threshold = int, None, false + ldap_sasl_canonicalize = bool, None, false + ldap_sasl_minssf = int, None, false + ldap_connection_expire_timeout = int, None, false ++ldap_connection_expire_offset = int, None, false + ldap_disable_paging = bool, None, false + ldap_disable_range_retrieval = bool, None, false + wildcard_limit = int, None, false +diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml +index 6d1ae23ec..f8bb973c7 100644 +--- a/src/man/sssd-ldap.5.xml ++++ b/src/man/sssd-ldap.5.xml +@@ -509,12 +509,31 @@ + the two values (this value vs. the TGT lifetime) + will be used. + ++ ++ This timeout can be extended of a random ++ value specified by ++ ldap_connection_expire_offset ++ + + Default: 900 (15 minutes) + + + + ++ ++ ldap_connection_expire_offset (integer) ++ ++ ++ Random offset between 0 and configured value ++ is added to ++ ldap_connection_expire_timeout. 
++ ++ ++ Default: 0 ++ ++ ++ ++ + + ldap_page_size (integer) + +diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c +index cd568e466..1293219ee 100644 +--- a/src/providers/ad/ad_opts.c ++++ b/src/providers/ad/ad_opts.c +@@ -137,6 +137,7 @@ struct dp_option ad_def_ldap_opts[] = { + { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER }, + { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, ++ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, + { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER }, + { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER }, +diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c +index 7974cb8ea..4fafa073d 100644 +--- a/src/providers/ipa/ipa_opts.c ++++ b/src/providers/ipa/ipa_opts.c +@@ -147,6 +147,7 @@ struct dp_option ipa_def_ldap_opts[] = { + { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER }, + { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, ++ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, + { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER }, + { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER }, +diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c +index a20ec0d86..ffd0c6baa 100644 +--- a/src/providers/ldap/ldap_opts.c ++++ b/src/providers/ldap/ldap_opts.c +@@ -107,6 +107,7 @@ struct dp_option default_basic_opts[] = { + { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER }, + { "ldap_sasl_canonicalize", 
DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, ++ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, + { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER }, + { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER }, +diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h +index d0a19a660..f27b3c480 100644 +--- a/src/providers/ldap/sdap.h ++++ b/src/providers/ldap/sdap.h +@@ -221,6 +221,7 @@ enum sdap_basic_opt { + SDAP_DEREF_THRESHOLD, + SDAP_SASL_CANONICALIZE, + SDAP_EXPIRE_TIMEOUT, ++ SDAP_EXPIRE_OFFSET, + SDAP_DISABLE_PAGING, + SDAP_IDMAP_LOWER, + SDAP_IDMAP_UPPER, +diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c +index 0260cba6f..7438d14a7 100644 +--- a/src/providers/ldap/sdap_async_connection.c ++++ b/src/providers/ldap/sdap_async_connection.c +@@ -1803,6 +1803,8 @@ static void sdap_cli_auth_step(struct tevent_req *req) + struct tevent_req *subreq; + time_t now; + int expire_timeout; ++ int expire_offset; ++ + const char *sasl_mech = dp_opt_get_string(state->opts->basic, + SDAP_SASL_MECH); + const char *user_dn = dp_opt_get_string(state->opts->basic, +@@ -1832,6 +1834,16 @@ static void sdap_cli_auth_step(struct tevent_req *req) + */ + now = time(NULL); + expire_timeout = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_TIMEOUT); ++ expire_offset = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_OFFSET); ++ if (expire_offset > 0) { ++ expire_timeout += sss_rand() % (expire_offset + 1); ++ } else if (expire_offset < 0) { ++ DEBUG(SSSDBG_MINOR_FAILURE, ++ "Negative value [%d] of ldap_connection_expire_offset " ++ "is not allowed.\n", ++ expire_offset); ++ } ++ + DEBUG(SSSDBG_CONF_SETTINGS, "expire timeout is %d\n", expire_timeout); + if (!state->sh->expire_time + || 
(state->sh->expire_time > (now + expire_timeout))) { +-- +2.20.1 + diff --git a/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch b/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch new file mode 100644 index 0000000..6cf80bd --- /dev/null +++ b/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch 
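Review bot: in sdap_cli_auth_step(), `sss_rand() % (expire_offset + 1)` overflows a signed int when ldap_connection_expire_offset is set to INT_MAX, and the `expire_timeout +=` that follows is unchecked as well; clamp the option to a sane maximum where it is read. The negative-value branch only logs at SSSDBG_MINOR_FAILURE and carries on, and the cfg_rules.ini and sssd.api.d entries added here accept any int, so nothing visible in this patch restricts the range. In the man page hunk, "can be extended of a random value" should read "by a random value", and the new option should state its unit.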
@@ -0,0 +1,55 @@ +From 9beb736aac6aa21433a4541fb56e4fa7d7dbc462 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 26 Sep 2019 20:24:34 +0200 +Subject: [PATCH 10/13] ad: allow booleans for ad_inherit_opts_if_needed() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Currently ad_inherit_opts_if_needed() can only handle strings. With this +patch it can handle boolean options as well. + +Related to https://pagure.io/SSSD/sssd/issue/4131 + +Reviewed-by: Pavel Březina +--- + src/providers/ad/ad_common.c | 23 ++++++++++++++++++++--- + 1 file changed, 20 insertions(+), 3 deletions(-) + +diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c +index 5540066d4..600e3ceb2 100644 +--- a/src/providers/ad/ad_common.c ++++ b/src/providers/ad/ad_common.c +@@ -1479,9 +1479,26 @@ errno_t ad_inherit_opts_if_needed(struct dp_option *parent_opts, + const char *parent_val = NULL; + char *dummy = NULL; + char *option_list[2] = { NULL, NULL }; +- +- parent_val = dp_opt_get_cstring(parent_opts, opt_id); +- if (parent_val != NULL) { ++ bool is_default = true; ++ ++ switch (parent_opts[opt_id].type) { ++ case DP_OPT_STRING: ++ parent_val = dp_opt_get_cstring(parent_opts, opt_id); ++ break; ++ case DP_OPT_BOOL: ++ /* For booleans it is hard to say if the option is set or not since ++ * both possible values are valid ones. So we check if the value is ++ * different from the default and skip if it is the default. In this ++ * case the sub-domain option would either be the default as well or ++ * manully set and in both cases we do not have to change it. */ ++ is_default = (parent_opts[opt_id].val.boolean ++ == parent_opts[opt_id].def_val.boolean); ++ break; ++ default: ++ DEBUG(SSSDBG_TRACE_FUNC, "Unsupported type, skipping.\n"); ++ } ++ ++ if (parent_val != NULL || !is_default) { + ret = confdb_get_string(cdb, NULL, subdom_conf_path, + parent_opts[opt_id].opt_name, NULL, &dummy); + if (ret != EOK) { +-- +2.20.1 + 
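Review bot: the `default:` branch of the new switch in ad_inherit_opts_if_needed() logs "Unsupported type, skipping." without naming the option, and it skips only because parent_val stays NULL and is_default stays true. Include parent_opts[opt_id].opt_name in the message and end the branch with `break;` so the skip is explicit. The comment in the DP_OPT_BOOL case has a typo: "manully".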
diff --git a/SOURCES/0010-failover-add-dns_resolver_server_timeout-option.patch b/SOURCES/0010-failover-add-dns_resolver_server_timeout-option.patch deleted file mode 100644 index 2abfcaf..0000000 --- a/SOURCES/0010-failover-add-dns_resolver_server_timeout-option.patch +++ /dev/null 
@@ -1,276 +0,0 @@ -From 99e2a107f01c625cb59cb88589db87294176d6c6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 11 Jun 2019 13:37:23 +0200 -Subject: [PATCH 10/12] failover: add dns_resolver_server_timeout option - -Resolves: -https://pagure.io/SSSD/sssd/issue/3217 - -Reviewed-by: Jakub Hrozek -Reviewed-by: Sumit Bose ---- - src/config/SSSDConfig/__init__.py.in | 1 + - src/config/SSSDConfigTest.py | 2 ++ - src/config/cfg_rules.ini | 1 + - src/config/etc/sssd.api.conf | 1 + - src/man/include/failover.xml | 17 ++++++++++++++++- - src/providers/data_provider.h | 1 + - src/providers/data_provider_fo.c | 3 +++ - src/resolv/async_resolv.c | 10 ++++++---- - src/resolv/async_resolv.h | 2 +- - src/tests/cmocka/test_fo_srv.c | 4 ++-- - src/tests/cmocka/test_resolv_fake.c | 2 +- - src/tests/fail_over-tests.c | 2 +- - src/tests/resolv-tests.c | 2 +- - 13 files changed, 37 insertions(+), 11 deletions(-) - -diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in -index 9642fe6ba..2d1214e16 100644 ---- a/src/config/SSSDConfig/__init__.py.in -+++ b/src/config/SSSDConfig/__init__.py.in -@@ -171,6 +171,7 @@ option_strings = { - 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'), - 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'), - 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), -+ 'dns_resolver_server_timeout' : _('How long should SSSD talk to single DNS server before trying next server (miliseconds)'), - 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), - 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), - 'override_gid' : _('Override GID value from the identity provider with this value'), -diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py -index 727df71ab..82b1a9700 100755 ---- 
a/src/config/SSSDConfigTest.py -+++ b/src/config/SSSDConfigTest.py -@@ -606,6 +606,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): - 'refresh_expired_interval', - 'lookup_family_order', - 'account_cache_expiration', -+ 'dns_resolver_server_timeout', - 'dns_resolver_timeout', - 'dns_discovery_domain', - 'dyndns_update', -@@ -976,6 +977,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): - 'refresh_expired_interval', - 'account_cache_expiration', - 'lookup_family_order', -+ 'dns_resolver_server_timeout', - 'dns_resolver_timeout', - 'dns_discovery_domain', - 'dyndns_update', -diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini -index 929e6149a..a2efb3a67 100644 ---- a/src/config/cfg_rules.ini -+++ b/src/config/cfg_rules.ini -@@ -367,6 +367,7 @@ option = account_cache_expiration - option = pwd_expiration_warning - option = filter_users - option = filter_groups -+option = dns_resolver_server_timeout - option = dns_resolver_timeout - option = dns_discovery_domain - option = override_gid -diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf -index c6d6690fb..288b1cfe7 100644 ---- a/src/config/etc/sssd.api.conf -+++ b/src/config/etc/sssd.api.conf -@@ -170,6 +170,7 @@ account_cache_expiration = int, None, false - pwd_expiration_warning = int, None, false - filter_users = list, str, false - filter_groups = list, str, false -+dns_resolver_server_timeout = int, None, false - dns_resolver_timeout = int, None, false - dns_discovery_domain = str, None, false - override_gid = int, None, false -diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml -index 7b451d831..f2a01b933 100644 ---- a/src/man/include/failover.xml -+++ b/src/man/include/failover.xml -@@ -71,6 +71,20 @@ - , - manual page. - -+ -+ -+ dns_resolver_server_timeout -+ -+ -+ -+ Time in milliseconds that sets how long would SSSD -+ talk to a single DNS server before trying next one. 
-+ -+ -+ Default: 2000 -+ -+ -+ - - - dns_resolver_op_timeout -@@ -111,7 +125,8 @@ - ldap_opt_timeout> timeout should be set to - a larger value than dns_resolver_timeout - which in turn should be set to a larger value than -- dns_resolver_op_timeout. -+ dns_resolver_op_timeout which should be larger -+ than dns_resolver_server_timeout. - - - -diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h -index a0a21cc12..2d10dbb5b 100644 ---- a/src/providers/data_provider.h -+++ b/src/providers/data_provider.h -@@ -265,6 +265,7 @@ enum dp_res_opts { - DP_RES_OPT_FAMILY_ORDER, - DP_RES_OPT_RESOLVER_TIMEOUT, - DP_RES_OPT_RESOLVER_OP_TIMEOUT, -+ DP_RES_OPT_RESOLVER_SERVER_TIMEOUT, - DP_RES_OPT_DNS_DOMAIN, - - DP_RES_OPTS /* attrs counter */ -diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c -index 473b667e5..a7af3e2a5 100644 ---- a/src/providers/data_provider_fo.c -+++ b/src/providers/data_provider_fo.c -@@ -833,6 +833,7 @@ static struct dp_option dp_res_default_opts[] = { - { "lookup_family_order", DP_OPT_STRING, { "ipv4_first" }, NULL_STRING }, - { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -+ { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 2000 }, NULL_NUMBER }, - { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - DP_OPTION_TERMINATOR - }; -@@ -894,6 +895,8 @@ errno_t be_res_init(struct be_ctx *ctx) - ret = resolv_init(ctx, ctx->ev, - dp_opt_get_int(ctx->be_res->opts, - DP_RES_OPT_RESOLVER_OP_TIMEOUT), -+ dp_opt_get_int(ctx->be_res->opts, -+ DP_RES_OPT_RESOLVER_SERVER_TIMEOUT), - &ctx->be_res->resolv); - if (ret != EOK) { - talloc_zfree(ctx->be_res); -diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c -index 01d835ec9..00b9531d4 100644 ---- a/src/resolv/async_resolv.c -+++ b/src/resolv/async_resolv.c -@@ -60,8 +60,6 @@ - #define DNS_RR_LEN(r) DNS__16BIT((r) + 8) - 
#define DNS_RR_TTL(r) DNS__32BIT((r) + 4) - --#define RESOLV_TIMEOUTMS 2000 -- - enum host_database default_host_dbs[] = { DB_FILES, DB_DNS, DB_SENTINEL }; - - struct fd_watch { -@@ -83,6 +81,9 @@ struct resolv_ctx { - /* Time in milliseconds before canceling a DNS request */ - int timeout; - -+ /* Time in milliseconds for communication with single DNS server. */ -+ int ares_timeout; -+ - /* The timeout watcher periodically calls ares_process_fd() to check - * if our pending requests didn't timeout. */ - int pending_requests; -@@ -423,7 +424,7 @@ recreate_ares_channel(struct resolv_ctx *ctx) - */ - options.sock_state_cb = fd_event; - options.sock_state_cb_data = ctx; -- options.timeout = RESOLV_TIMEOUTMS; -+ options.timeout = ctx->ares_timeout; - /* Only affects ares_gethostbyname */ - options.lookups = discard_const("f"); - options.tries = 1; -@@ -450,7 +451,7 @@ recreate_ares_channel(struct resolv_ctx *ctx) - - int - resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, -- int timeout, struct resolv_ctx **ctxp) -+ int timeout, int ares_timeout, struct resolv_ctx **ctxp) - { - int ret; - struct resolv_ctx *ctx; -@@ -467,6 +468,7 @@ resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, - - ctx->ev_ctx = ev_ctx; - ctx->timeout = timeout; -+ ctx->ares_timeout = ares_timeout; - - ret = recreate_ares_channel(ctx); - if (ret != EOK) { -diff --git a/src/resolv/async_resolv.h b/src/resolv/async_resolv.h -index 90ed03707..d83a7be44 100644 ---- a/src/resolv/async_resolv.h -+++ b/src/resolv/async_resolv.h -@@ -52,7 +52,7 @@ - struct resolv_ctx; - - int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, -- int timeout, struct resolv_ctx **ctxp); -+ int timeout, int ares_timeout, struct resolv_ctx **ctxp); - - void resolv_reread_configuration(struct resolv_ctx *ctx); - -diff --git a/src/tests/cmocka/test_fo_srv.c b/src/tests/cmocka/test_fo_srv.c -index a11ebbb54..c13cf3a69 100644 ---- a/src/tests/cmocka/test_fo_srv.c -+++ 
b/src/tests/cmocka/test_fo_srv.c -@@ -49,7 +49,7 @@ struct resolv_ctx { - - /* mock resolver interface. The resolver test is separate */ - int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, -- int timeout, struct resolv_ctx **ctxp) -+ int timeout, int ares_timeout, struct resolv_ctx **ctxp) - { - *ctxp = talloc(mem_ctx, struct resolv_ctx); - return EOK; -@@ -230,7 +230,7 @@ static int test_fo_setup(void **state) - assert_non_null(test_ctx->ctx); - - ret = resolv_init(test_ctx, test_ctx->ctx->ev, -- TEST_RESOLV_TIMEOUT, &test_ctx->resolv); -+ TEST_RESOLV_TIMEOUT, 2000, &test_ctx->resolv); - assert_non_null(test_ctx->resolv); - - memset(&fopts, 0, sizeof(fopts)); -diff --git a/src/tests/cmocka/test_resolv_fake.c b/src/tests/cmocka/test_resolv_fake.c -index 4cb3d4027..0f4011a39 100644 ---- a/src/tests/cmocka/test_resolv_fake.c -+++ b/src/tests/cmocka/test_resolv_fake.c -@@ -240,7 +240,7 @@ static int test_resolv_fake_setup(void **state) - assert_non_null(test_ctx->ctx); - - ret = resolv_init(test_ctx, test_ctx->ctx->ev, -- TEST_DEFAULT_TIMEOUT, &test_ctx->resolv); -+ TEST_DEFAULT_TIMEOUT, 2000, &test_ctx->resolv); - assert_int_equal(ret, EOK); - - *state = test_ctx; -diff --git a/src/tests/fail_over-tests.c b/src/tests/fail_over-tests.c -index 5312b2772..b2269ef3b 100644 ---- a/src/tests/fail_over-tests.c -+++ b/src/tests/fail_over-tests.c -@@ -73,7 +73,7 @@ setup_test(void) - fail("Could not init tevent context"); - } - -- ret = resolv_init(ctx, ctx->ev, 5, &ctx->resolv); -+ ret = resolv_init(ctx, ctx->ev, 5, 2000, &ctx->resolv); - if (ret != EOK) { - talloc_free(ctx); - fail("Could not init resolv context"); -diff --git a/src/tests/resolv-tests.c b/src/tests/resolv-tests.c -index 4a2b3b904..bc4cd7cc1 100644 ---- a/src/tests/resolv-tests.c -+++ b/src/tests/resolv-tests.c -@@ -76,7 +76,7 @@ static int setup_resolv_test(int timeout, struct resolv_test_ctx **ctx) - return EFAULT; - } - -- ret = resolv_init(test_ctx, test_ctx->ev, timeout, 
&test_ctx->resolv); -+ ret = resolv_init(test_ctx, test_ctx->ev, timeout, 2000, &test_ctx->resolv); - if (ret != EOK) { - fail("Could not init resolv context"); - talloc_free(test_ctx); --- -2.20.1 - diff --git a/SOURCES/0011-ad-add-ad_use_ldaps.patch b/SOURCES/0011-ad-add-ad_use_ldaps.patch new file mode 100644 index 0000000..4b23943 --- /dev/null +++ b/SOURCES/0011-ad-add-ad_use_ldaps.patch 
@@ -0,0 +1,438 @@ +From da0be382d95f0bdbc6ad5ccb68503456c2ee858b Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 26 Sep 2019 20:27:09 +0200 +Subject: [PATCH 11/13] ad: add ad_use_ldaps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With this new boolean option the AD provider should only use the LDAPS +port 636 and the Global Catalog port 3629 which is TLS protected as +well. + +Related to https://pagure.io/SSSD/sssd/issue/4131 + +Reviewed-by: Pavel Březina +--- + src/config/SSSDConfig/__init__.py.in | 1 + + src/config/cfg_rules.ini | 1 + + src/config/etc/sssd.api.d/sssd-ad.conf | 1 + + src/man/sssd-ad.5.xml | 20 +++++++++++++++++++ + src/providers/ad/ad_common.c | 24 +++++++++++++++++++---- + src/providers/ad/ad_common.h | 8 +++++++- + src/providers/ad/ad_init.c | 8 +++++++- + src/providers/ad/ad_opts.c | 1 + + src/providers/ad/ad_srv.c | 16 ++++++++++++--- + src/providers/ad/ad_srv.h | 3 ++- + src/providers/ad/ad_subdomains.c | 21 ++++++++++++++++++-- + src/providers/ipa/ipa_subdomains_server.c | 4 ++-- + 12 files changed, 94 insertions(+), 14 deletions(-) + +diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in +index eba89b461..84631862a 100644 +--- a/src/config/SSSDConfig/__init__.py.in ++++ b/src/config/SSSDConfig/__init__.py.in +@@ -252,6 +252,7 @@ option_strings = { + 'ad_site' : _('a particular site to be used by the client'), + 'ad_maximum_machine_account_password_age' : _('Maximum age in days before the machine account password should be renewed'), + 'ad_machine_account_password_renewal_opts' : _('Option for tuning the machine account renewal task'), ++ 'ad_use_ldaps' : _('Use LDAPS port for LDAP and Global Catalog requests'), + + # [provider/krb5] + 'krb5_kdcip' : _('Kerberos server address'), +diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini +index c56d5a668..1034a1fd6 100644 +--- a/src/config/cfg_rules.ini ++++ b/src/config/cfg_rules.ini +@@ 
-464,6 +464,7 @@ option = ad_machine_account_password_renewal_opts + option = ad_maximum_machine_account_password_age + option = ad_server + option = ad_site ++option = ad_use_ldaps + + # IPA provider specific options + option = ipa_anchor_uuid +diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf +index aaa0b2345..a2af72603 100644 +--- a/src/config/etc/sssd.api.d/sssd-ad.conf ++++ b/src/config/etc/sssd.api.d/sssd-ad.conf +@@ -20,6 +20,7 @@ ad_gpo_default_right = str, None, false + ad_site = str, None, false + ad_maximum_machine_account_password_age = int, None, false + ad_machine_account_password_renewal_opts = str, None, false ++ad_use_ldaps = bool, None, false + ldap_uri = str, None, false + ldap_backup_uri = str, None, false + ldap_search_base = str, None, false +diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml +index fdcb4e4b9..ade56cd6d 100644 +--- a/src/man/sssd-ad.5.xml ++++ b/src/man/sssd-ad.5.xml +@@ -1015,6 +1015,26 @@ ad_gpo_map_deny = +my_pam_service + + + ++ ++ ad_use_ldaps (bool) ++ ++ ++ By default SSSD uses the plain LDAP port 389 and the ++ Global Catalog port 3628. If this option is set to ++ True SSSD will use the LDAPS port 636 and Global ++ Catalog port 3629 with LDAPS protection. Since AD ++ does not allow to have multiple encryption layers on ++ a single connection and we still want to use ++ SASL/GSSAPI or SASL/GSS-SPNEGO for authentication ++ the SASL security property maxssf is set to 0 (zero) ++ for those connections. 
++ ++ ++ Default: False ++ ++ ++ ++ + + dyndns_update (boolean) + +diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c +index 600e3ceb2..a2369166a 100644 +--- a/src/providers/ad/ad_common.c ++++ b/src/providers/ad/ad_common.c +@@ -729,6 +729,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, + const char *ad_gc_service, + const char *ad_domain, + bool use_kdcinfo, ++ bool ad_use_ldaps, + size_t n_lookahead_primary, + size_t n_lookahead_backup, + struct ad_service **_service) +@@ -746,6 +747,16 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, + goto done; + } + ++ if (ad_use_ldaps) { ++ service->ldap_scheme = "ldaps"; ++ service->port = LDAPS_PORT; ++ service->gc_port = AD_GC_LDAPS_PORT; ++ } else { ++ service->ldap_scheme = "ldap"; ++ service->port = LDAP_PORT; ++ service->gc_port = AD_GC_PORT; ++ } ++ + service->sdap = talloc_zero(service, struct sdap_service); + service->gc = talloc_zero(service, struct sdap_service); + if (!service->sdap || !service->gc) { +@@ -927,7 +938,8 @@ ad_resolve_callback(void *private_data, struct fo_server *server) + goto done; + } + +- new_uri = talloc_asprintf(service->sdap, "ldap://%s", srv_name); ++ new_uri = talloc_asprintf(service->sdap, "%s://%s", service->ldap_scheme, ++ srv_name); + if (!new_uri) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy URI\n"); + ret = ENOMEM; +@@ -935,7 +947,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server) + } + DEBUG(SSSDBG_CONF_SETTINGS, "Constructed uri '%s'\n", new_uri); + +- sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT); ++ sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, service->port); + if (sockaddr == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n"); + ret = EIO; +@@ -951,8 +963,12 @@ ad_resolve_callback(void *private_data, struct fo_server *server) + talloc_zfree(service->gc->uri); + talloc_zfree(service->gc->sockaddr); + if (sdata && sdata->gc) { +- new_port = 
fo_get_server_port(server); +- new_port = (new_port == 0) ? AD_GC_PORT : new_port; ++ if (service->gc_port == AD_GC_LDAPS_PORT) { ++ new_port = service->gc_port; ++ } else { ++ new_port = fo_get_server_port(server); ++ new_port = (new_port == 0) ? service->gc_port : new_port; ++ } + + service->gc->uri = talloc_asprintf(service->gc, "%s:%d", + new_uri, new_port); +diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h +index 75f11de2e..820e06124 100644 +--- a/src/providers/ad/ad_common.h ++++ b/src/providers/ad/ad_common.h +@@ -29,7 +29,8 @@ + #define AD_SERVICE_NAME "AD" + #define AD_GC_SERVICE_NAME "AD_GC" + /* The port the Global Catalog runs on */ +-#define AD_GC_PORT 3268 ++#define AD_GC_PORT 3268 ++#define AD_GC_LDAPS_PORT 3269 + + #define AD_AT_OBJECT_SID "objectSID" + #define AD_AT_DNS_DOMAIN "DnsDomain" +@@ -67,6 +68,7 @@ enum ad_basic_opt { + AD_KRB5_CONFD_PATH, + AD_MAXIMUM_MACHINE_ACCOUNT_PASSWORD_AGE, + AD_MACHINE_ACCOUNT_PASSWORD_RENEWAL_OPTS, ++ AD_USE_LDAPS, + + AD_OPTS_BASIC /* opts counter */ + }; +@@ -82,6 +84,9 @@ struct ad_service { + struct sdap_service *sdap; + struct sdap_service *gc; + struct krb5_service *krb5_service; ++ const char *ldap_scheme; ++ int port; ++ int gc_port; + }; + + struct ad_options { +@@ -147,6 +152,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, + const char *ad_gc_service, + const char *ad_domain, + bool use_kdcinfo, ++ bool ad_use_ldaps, + size_t n_lookahead_primary, + size_t n_lookahead_backup, + struct ad_service **_service); +diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c +index 290d5b5c1..2b4b9e2e7 100644 +--- a/src/providers/ad/ad_init.c ++++ b/src/providers/ad/ad_init.c +@@ -138,6 +138,7 @@ static errno_t ad_init_options(TALLOC_CTX *mem_ctx, + char *ad_servers = NULL; + char *ad_backup_servers = NULL; + char *ad_realm; ++ bool ad_use_ldaps = false; + errno_t ret; + + ad_sasl_initialize(); +@@ -154,12 +155,14 @@ static errno_t ad_init_options(TALLOC_CTX 
*mem_ctx, + ad_servers = dp_opt_get_string(ad_options->basic, AD_SERVER); + ad_backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER); + ad_realm = dp_opt_get_string(ad_options->basic, AD_KRB5_REALM); ++ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS); + + /* Set up the failover service */ + ret = ad_failover_init(ad_options, be_ctx, ad_servers, ad_backup_servers, + ad_realm, AD_SERVICE_NAME, AD_GC_SERVICE_NAME, + dp_opt_get_string(ad_options->basic, AD_DOMAIN), + false, /* will be set in ad_get_auth_options() */ ++ ad_use_ldaps, + (size_t) -1, + (size_t) -1, + &ad_options->service); +@@ -184,11 +187,13 @@ static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx, + const char *ad_site_override; + bool sites_enabled; + errno_t ret; ++ bool ad_use_ldaps; + + hostname = dp_opt_get_string(ad_options->basic, AD_HOSTNAME); + ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN); + ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE); + sites_enabled = dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES); ++ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS); + + + if (!sites_enabled) { +@@ -205,7 +210,8 @@ static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx, + srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx, be_ctx->be_res, + default_host_dbs, ad_options->id, + hostname, ad_domain, +- ad_site_override); ++ ad_site_override, ++ ad_use_ldaps); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n"); + return ENOMEM; +diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c +index 1293219ee..30f9b62fd 100644 +--- a/src/providers/ad/ad_opts.c ++++ b/src/providers/ad/ad_opts.c +@@ -54,6 +54,7 @@ struct dp_option ad_basic_opts[] = { + { "krb5_confd_path", DP_OPT_STRING, { KRB5_MAPPING_DIR }, NULL_STRING }, + { "ad_maximum_machine_account_password_age", DP_OPT_NUMBER, { .number = 30 }, NULL_NUMBER }, + { "ad_machine_account_password_renewal_opts", DP_OPT_STRING, { "86400:750" }, 
NULL_STRING }, ++ { "ad_use_ldaps", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + DP_OPTION_TERMINATOR + }; + +diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c +index 5fd25f60e..ca15d3715 100644 +--- a/src/providers/ad/ad_srv.c ++++ b/src/providers/ad/ad_srv.c +@@ -244,6 +244,7 @@ struct ad_get_client_site_state { + enum host_database *host_db; + struct sdap_options *opts; + const char *ad_domain; ++ bool ad_use_ldaps; + struct fo_server_info *dcs; + size_t num_dcs; + size_t dc_index; +@@ -264,6 +265,7 @@ struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx, + enum host_database *host_db, + struct sdap_options *opts, + const char *ad_domain, ++ bool ad_use_ldaps, + struct fo_server_info *dcs, + size_t num_dcs) + { +@@ -288,6 +290,7 @@ struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx, + state->host_db = host_db; + state->opts = opts; + state->ad_domain = ad_domain; ++ state->ad_use_ldaps = ad_use_ldaps; + state->dcs = dcs; + state->num_dcs = num_dcs; + +@@ -331,8 +334,11 @@ static errno_t ad_get_client_site_next_dc(struct tevent_req *req) + subreq = sdap_connect_host_send(state, state->ev, state->opts, + state->be_res->resolv, + state->be_res->family_order, +- state->host_db, "ldap", state->dc.host, +- state->dc.port, false); ++ state->host_db, ++ state->ad_use_ldaps ? "ldaps" : "ldap", ++ state->dc.host, ++ state->ad_use_ldaps ? 
636 : state->dc.port, ++ false); + if (subreq == NULL) { + ret = ENOMEM; + goto done; +@@ -491,6 +497,7 @@ struct ad_srv_plugin_ctx { + const char *ad_domain; + const char *ad_site_override; + const char *current_site; ++ bool ad_use_ldaps; + }; + + struct ad_srv_plugin_ctx * +@@ -501,7 +508,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, + struct sdap_options *opts, + const char *hostname, + const char *ad_domain, +- const char *ad_site_override) ++ const char *ad_site_override, ++ bool ad_use_ldaps) + { + struct ad_srv_plugin_ctx *ctx = NULL; + errno_t ret; +@@ -515,6 +523,7 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, + ctx->be_res = be_res; + ctx->host_dbs = host_dbs; + ctx->opts = opts; ++ ctx->ad_use_ldaps = ad_use_ldaps; + + ctx->hostname = talloc_strdup(ctx, hostname); + if (ctx->hostname == NULL) { +@@ -714,6 +723,7 @@ static void ad_srv_plugin_dcs_done(struct tevent_req *subreq) + state->ctx->host_dbs, + state->ctx->opts, + state->discovery_domain, ++ state->ctx->ad_use_ldaps, + dcs, num_dcs); + if (subreq == NULL) { + ret = ENOMEM; +diff --git a/src/providers/ad/ad_srv.h b/src/providers/ad/ad_srv.h +index e553d594d..8e410ec26 100644 +--- a/src/providers/ad/ad_srv.h ++++ b/src/providers/ad/ad_srv.h +@@ -31,7 +31,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, + struct sdap_options *opts, + const char *hostname, + const char *ad_domain, +- const char *ad_site_override); ++ const char *ad_site_override, ++ bool ad_use_ldaps); + + struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, +diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c +index 2ce34489f..d8c201437 100644 +--- a/src/providers/ad/ad_subdomains.c ++++ b/src/providers/ad/ad_subdomains.c +@@ -282,6 +282,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + bool use_kdcinfo = false; + size_t n_lookahead_primary = SSS_KRB5_LOOKAHEAD_PRIMARY_DEFAULT; + size_t n_lookahead_backup = SSS_KRB5_LOOKAHEAD_BACKUP_DEFAULT; ++ bool ad_use_ldaps = 
false; + + realm = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_KRB5_REALM); + hostname = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_HOSTNAME); +@@ -312,6 +313,21 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + return ENOMEM; + } + ++ ret = ad_inherit_opts_if_needed(id_ctx->ad_options->basic, ++ ad_options->basic, ++ be_ctx->cdb, subdom_conf_path, ++ AD_USE_LDAPS); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Failed to inherit option [%s] to sub-domain [%s]. " ++ "This error is ignored but might cause issues or unexpected " ++ "behavior later on.\n", ++ id_ctx->ad_options->basic[AD_USE_LDAPS].opt_name, ++ subdom->name); ++ ++ return ret; ++ } ++ + ret = ad_inherit_opts_if_needed(id_ctx->sdap_id_ctx->opts->basic, + ad_options->id->basic, + be_ctx->cdb, subdom_conf_path, +@@ -344,6 +360,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + + servers = dp_opt_get_string(ad_options->basic, AD_SERVER); + backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER); ++ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS); + + if (id_ctx->ad_options->auth_ctx != NULL + && id_ctx->ad_options->auth_ctx->opts != NULL) { +@@ -362,7 +379,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + + ret = ad_failover_init(ad_options, be_ctx, servers, backup_servers, + subdom->realm, service_name, gc_service_name, +- subdom->name, use_kdcinfo, ++ subdom->name, use_kdcinfo, ad_use_ldaps, + n_lookahead_primary, + n_lookahead_backup, + &ad_options->service); +@@ -386,7 +403,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + ad_id_ctx->ad_options->id, + hostname, + ad_domain, +- ad_site_override); ++ ad_site_override, ad_use_ldaps); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n"); + return ENOMEM; +diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c +index fd998877b..9aebf72a5 100644 +--- a/src/providers/ipa/ipa_subdomains_server.c ++++ b/src/providers/ipa/ipa_subdomains_server.c 
+@@ -319,7 +319,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx, + ret = ad_failover_init(ad_options, be_ctx, ad_servers, ad_backup_servers, + subdom->realm, + service_name, gc_service_name, +- subdom->name, use_kdcinfo, ++ subdom->name, use_kdcinfo, false, + n_lookahead_primary, n_lookahead_backup, + &ad_options->service); + if (ret != EOK) { +@@ -344,7 +344,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx, + ad_id_ctx->ad_options->id, + id_ctx->server_mode->hostname, + ad_domain, +- ad_site_override); ++ ad_site_override, false); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n"); + return ENOMEM; +-- +2.20.1 + diff --git a/SOURCES/0011-failover-change-default-timeouts.patch b/SOURCES/0011-failover-change-default-timeouts.patch deleted file mode 100644 index b47979e..0000000 --- a/SOURCES/0011-failover-change-default-timeouts.patch +++ /dev/null 
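Review bot: the sssd-ad.5.xml hunk of 0011-ad-add-ad_use_ldaps.patch documents the Global Catalog ports as 3628 and 3629, and the commit message repeats 3629, but the ad_common.h hunk in the same patch defines AD_GC_PORT as 3268 and AD_GC_LDAPS_PORT as 3269. The man page text should say 3268 for the plain port and 3269 for the TLS-protected one, since administrators will write firewall rules and connection checks from the documented numbers.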
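Review bot: in the ad_subdomains.c hunk at ad_subdom_ad_ctx_new(), the new DEBUG message says "This error is ignored but might cause issues or unexpected behavior later on." yet the next statement is "return ret;", so a failure to inherit ad_use_ldaps aborts creation of the sub-domain context. The message and the control flow need to agree. Keeping the return and rewording the message is the safer choice: if the error really were ignored, the later dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS) would fall back to the BOOL_FALSE default from ad_opts.c and the sub-domain would use the plain LDAP port while the parent domain is configured for LDAPS.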
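Review bot: in the ad_srv.c hunk at ad_get_client_site_next_dc(), the port is the literal 636 in "state->ad_use_ldaps ? 636 : state->dc.port", while ad_failover_init() in ad_common.c uses LDAPS_PORT for the same value. Use LDAPS_PORT here as well so both code paths stay in sync. A short comment that the port returned for the DC is deliberately overridden when ad_use_ldaps is set would also help the next reader.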
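Review bot: both ipa_subdomains_server.c hunks in ipa_ad_ctx_new() pass a bare "false" for the new ad_use_ldaps argument to ad_failover_init() and ad_srv_plugin_ctx_init(), so a trusted AD domain reached through the IPA provider always uses the plain LDAP and Global Catalog ports with no way to opt in. Neither the commit message nor the sssd-ad.5.xml text mentions this limit. Add a comment at both call sites naming the argument, and state in the man page that the option applies to the AD provider only.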
@@ -1,120 +0,0 @@ -From e97ff0adb62c89cfc7e75858b7e592e0303720b0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 11 Jun 2019 14:01:17 +0200 -Subject: [PATCH 11/12] failover: change default timeouts - -Resolves: -https://pagure.io/SSSD/sssd/issue/3217 - -Reviewed-by: Jakub Hrozek -Reviewed-by: Sumit Bose ---- - src/man/include/failover.xml | 6 +++--- - src/man/sssd-ldap.5.xml | 2 +- - src/providers/ad/ad_opts.c | 2 +- - src/providers/data_provider_fo.c | 4 ++-- - src/providers/ipa/ipa_opts.c | 2 +- - src/providers/ldap/ldap_opts.c | 2 +- - 6 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml -index f2a01b933..288d91807 100644 ---- a/src/man/include/failover.xml -+++ b/src/man/include/failover.xml -@@ -81,7 +81,7 @@ - talk to a single DNS server before trying next one. - - -- Default: 2000 -+ Default: 1000 - - - -@@ -97,7 +97,7 @@ - hostname or discovery domain. - - -- Default: 6 -+ Default: 2 - - - -@@ -113,7 +113,7 @@ - queries or locating the site. - - -- Default: 6 -+ Default: 4 - - - -diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml -index f0bc82db5..c205aea64 100644 ---- a/src/man/sssd-ldap.5.xml -+++ b/src/man/sssd-ldap.5.xml -@@ -1432,7 +1432,7 @@ - StartTLS operation. 
- - -- Default: 6 -+ Default: 8 - - - -diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c -index 978c395ef..3f7ec08b1 100644 ---- a/src/providers/ad/ad_opts.c -+++ b/src/providers/ad/ad_opts.c -@@ -65,7 +65,7 @@ struct dp_option ad_def_ldap_opts[] = { - { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB }, - { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -- { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -+ { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 8 }, NULL_NUMBER }, - { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING }, - { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING }, -diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c -index a7af3e2a5..c634b8d49 100644 ---- a/src/providers/data_provider_fo.c -+++ b/src/providers/data_provider_fo.c -@@ -832,8 +832,8 @@ void _be_fo_set_port_status(struct be_ctx *ctx, - static struct dp_option dp_res_default_opts[] = { - { "lookup_family_order", DP_OPT_STRING, { "ipv4_first" }, NULL_STRING }, - { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -- { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -- { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 2000 }, NULL_NUMBER }, -+ { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER }, -+ { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }, - { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - DP_OPTION_TERMINATOR - }; -diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c -index c38a7da0e..7974cb8ea 100644 ---- a/src/providers/ipa/ipa_opts.c -+++ b/src/providers/ipa/ipa_opts.c -@@ -76,7 +76,7 @@ struct dp_option ipa_def_ldap_opts[] = { - { 
"ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB }, - { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -- { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -+ { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 8 }, NULL_NUMBER }, - { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING }, - { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING }, -diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c -index dc56f0712..616934a21 100644 ---- a/src/providers/ldap/ldap_opts.c -+++ b/src/providers/ldap/ldap_opts.c -@@ -36,7 +36,7 @@ struct dp_option default_basic_opts[] = { - { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB }, - { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -- { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, -+ { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 8 }, NULL_NUMBER }, - { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING }, - { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING }, --- -2.20.1 - diff --git a/SOURCES/0012-config-add-dns_resolver_op_timeout-to-option-list.patch b/SOURCES/0012-config-add-dns_resolver_op_timeout-to-option-list.patch deleted file mode 100644 index da4c0e0..0000000 --- a/SOURCES/0012-config-add-dns_resolver_op_timeout-to-option-list.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From 049f3906b9ef2041b5e1df666bd570379ae60718 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Mon, 8 Jul 2019 11:35:28 +0200 -Subject: [PATCH 12/12] config: add dns_resolver_op_timeout to option list - -Resolves: -https://pagure.io/SSSD/sssd/issue/3217 - -Reviewed-by: Jakub Hrozek -Reviewed-by: Sumit Bose ---- - src/config/SSSDConfig/__init__.py.in | 1 + - src/config/SSSDConfigTest.py | 2 ++ - src/config/cfg_rules.ini | 1 + - src/config/etc/sssd.api.conf | 1 + - 4 files changed, 5 insertions(+) - -diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in -index 2d1214e16..ea7995410 100644 ---- a/src/config/SSSDConfig/__init__.py.in -+++ b/src/config/SSSDConfig/__init__.py.in -@@ -172,6 +172,7 @@ option_strings = { - 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'), - 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), - 'dns_resolver_server_timeout' : _('How long should SSSD talk to single DNS server before trying next server (miliseconds)'), -+ 'dns_resolver_op_timeout' : _('How long should keep trying to resolve single DNS query (seconds)'), - 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), - 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), - 'override_gid' : _('Override GID value from the identity provider with this value'), -diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py -index 82b1a9700..95dfd677d 100755 ---- a/src/config/SSSDConfigTest.py -+++ b/src/config/SSSDConfigTest.py -@@ -607,6 +607,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): - 'lookup_family_order', - 'account_cache_expiration', - 'dns_resolver_server_timeout', -+ 'dns_resolver_op_timeout', - 'dns_resolver_timeout', - 'dns_discovery_domain', - 'dyndns_update', -@@ -978,6 +979,7 @@ class 
SSSDConfigTestSSSDDomain(unittest.TestCase): - 'account_cache_expiration', - 'lookup_family_order', - 'dns_resolver_server_timeout', -+ 'dns_resolver_op_timeout', - 'dns_resolver_timeout', - 'dns_discovery_domain', - 'dyndns_update', -diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini -index a2efb3a67..30040b595 100644 ---- a/src/config/cfg_rules.ini -+++ b/src/config/cfg_rules.ini -@@ -368,6 +368,7 @@ option = pwd_expiration_warning - option = filter_users - option = filter_groups - option = dns_resolver_server_timeout -+option = dns_resolver_op_timeout - option = dns_resolver_timeout - option = dns_discovery_domain - option = override_gid -diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf -index 288b1cfe7..4a069f2db 100644 ---- a/src/config/etc/sssd.api.conf -+++ b/src/config/etc/sssd.api.conf -@@ -171,6 +171,7 @@ pwd_expiration_warning = int, None, false - filter_users = list, str, false - filter_groups = list, str, false - dns_resolver_server_timeout = int, None, false -+dns_resolver_op_timeout = int, None, false - dns_resolver_timeout = int, None, false - dns_discovery_domain = str, None, false - override_gid = int, None, false --- -2.20.1 - diff --git a/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch b/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch new file mode 100644 index 0000000..311e5ea --- /dev/null +++ b/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch 
@@ -0,0 +1,199 @@ +From 4c855d55944087cb2317c681f1dc78953ec95c4e Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 27 Sep 2019 11:49:59 +0200 +Subject: [PATCH 12/13] ldap: add new option ldap_sasl_maxssf +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There is already the ldap_sasl_minssf option. To be able to control the +maximal security strength factor (ssf) e.g. when using SASL together +with TLS the option ldap_sasl_maxssf is added as well. + +Related to https://pagure.io/SSSD/sssd/issue/4131 + +Reviewed-by: Pavel Březina +--- + src/config/SSSDConfig/__init__.py.in | 1 + + src/config/cfg_rules.ini | 1 + + src/config/etc/sssd.api.d/sssd-ad.conf | 1 + + src/config/etc/sssd.api.d/sssd-ipa.conf | 1 + + src/config/etc/sssd.api.d/sssd-ldap.conf | 1 + + src/man/sssd-ldap.5.xml | 16 ++++++++++++++++ + src/providers/ad/ad_opts.c | 1 + + src/providers/ipa/ipa_opts.c | 1 + + src/providers/ldap/ldap_opts.c | 1 + + src/providers/ldap/sdap.h | 1 + + src/providers/ldap/sdap_async_connection.c | 14 ++++++++++++++ + 11 files changed, 39 insertions(+) + +diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in +index 84631862a..a1b088bc4 100644 +--- a/src/config/SSSDConfig/__init__.py.in ++++ b/src/config/SSSDConfig/__init__.py.in +@@ -305,6 +305,7 @@ option_strings = { + 'ldap_sasl_authid' : _('Specify the sasl authorization id to use'), + 'ldap_sasl_realm' : _('Specify the sasl authorization realm to use'), + 'ldap_sasl_minssf' : _('Specify the minimal SSF for LDAP sasl authorization'), ++ 'ldap_sasl_maxssf' : _('Specify the maximal SSF for LDAP sasl authorization'), + 'ldap_krb5_keytab' : _('Kerberos service keytab'), + 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'), + 'ldap_referrals' : _('Follow LDAP referrals'), +diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini +index 1034a1fd6..fd5336db7 100644 +--- a/src/config/cfg_rules.ini ++++ 
b/src/config/cfg_rules.ini +@@ -664,6 +664,7 @@ option = ldap_sasl_authid + option = ldap_sasl_canonicalize + option = ldap_sasl_mech + option = ldap_sasl_minssf ++option = ldap_sasl_maxssf + option = ldap_schema + option = ldap_pwmodify_mode + option = ldap_search_base +diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf +index a2af72603..d6443e200 100644 +--- a/src/config/etc/sssd.api.d/sssd-ad.conf ++++ b/src/config/etc/sssd.api.d/sssd-ad.conf +@@ -41,6 +41,7 @@ ldap_tls_reqcert = str, None, false + ldap_sasl_mech = str, None, false + ldap_sasl_authid = str, None, false + ldap_sasl_minssf = int, None, false ++ldap_sasl_maxssf = int, None, false + krb5_kdcip = str, None, false + krb5_server = str, None, false + krb5_backup_server = str, None, false +diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf +index 7ed153d36..839f9f471 100644 +--- a/src/config/etc/sssd.api.d/sssd-ipa.conf ++++ b/src/config/etc/sssd.api.d/sssd-ipa.conf +@@ -32,6 +32,7 @@ ldap_tls_reqcert = str, None, false + ldap_sasl_mech = str, None, false + ldap_sasl_authid = str, None, false + ldap_sasl_minssf = int, None, false ++ldap_sasl_maxssf = int, None, false + krb5_kdcip = str, None, false + krb5_server = str, None, false + krb5_backup_server = str, None, false +diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf +index 4f73e901e..6db9828b9 100644 +--- a/src/config/etc/sssd.api.d/sssd-ldap.conf ++++ b/src/config/etc/sssd.api.d/sssd-ldap.conf +@@ -35,6 +35,7 @@ ldap_page_size = int, None, false + ldap_deref_threshold = int, None, false + ldap_sasl_canonicalize = bool, None, false + ldap_sasl_minssf = int, None, false ++ldap_sasl_maxssf = int, None, false + ldap_connection_expire_timeout = int, None, false + ldap_connection_expire_offset = int, None, false + ldap_disable_paging = bool, None, false +diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml +index 
f8bb973c7..0dc675410 100644 +--- a/src/man/sssd-ldap.5.xml ++++ b/src/man/sssd-ldap.5.xml +@@ -612,6 +612,22 @@ + + + ++ ++ ldap_sasl_maxssf (integer) ++ ++ ++ When communicating with an LDAP server using SASL, ++ specify the maximal security level necessary to ++ establish the connection. The values of this ++ option are defined by OpenLDAP. ++ ++ ++ Default: Use the system default (usually specified ++ by ldap.conf) ++ ++ ++ ++ + + ldap_deref_threshold (integer) + +diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c +index 30f9b62fd..905a15cd0 100644 +--- a/src/providers/ad/ad_opts.c ++++ b/src/providers/ad/ad_opts.c +@@ -105,6 +105,7 @@ struct dp_option ad_def_ldap_opts[] = { + { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, ++ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, + { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + /* use the same parm name as the krb5 module so we set it only once */ +diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c +index 4fafa073d..55de6e600 100644 +--- a/src/providers/ipa/ipa_opts.c ++++ b/src/providers/ipa/ipa_opts.c +@@ -114,6 +114,7 @@ struct dp_option ipa_def_ldap_opts[] = { + { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = 56 }, NULL_NUMBER }, ++ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, + { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + /* use the same parm name as the krb5 module so we set it only once */ +diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c +index 
ffd0c6baa..d1b4e98ad 100644 +--- a/src/providers/ldap/ldap_opts.c ++++ b/src/providers/ldap/ldap_opts.c +@@ -74,6 +74,7 @@ struct dp_option default_basic_opts[] = { + { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, ++ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER }, + { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + /* use the same parm name as the krb5 module so we set it only once */ +diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h +index f27b3c480..808a2c400 100644 +--- a/src/providers/ldap/sdap.h ++++ b/src/providers/ldap/sdap.h +@@ -192,6 +192,7 @@ enum sdap_basic_opt { + SDAP_SASL_AUTHID, + SDAP_SASL_REALM, + SDAP_SASL_MINSSF, ++ SDAP_SASL_MAXSSF, + SDAP_KRB5_KEYTAB, + SDAP_KRB5_KINIT, + SDAP_KRB5_KDC, +diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c +index 7438d14a7..5f69cedcc 100644 +--- a/src/providers/ldap/sdap_async_connection.c ++++ b/src/providers/ldap/sdap_async_connection.c +@@ -148,6 +148,8 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) + const char *sasl_mech; + int sasl_minssf; + ber_len_t ber_sasl_minssf; ++ int sasl_maxssf; ++ ber_len_t ber_sasl_maxssf; + + ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd); + talloc_zfree(subreq); +@@ -291,6 +293,18 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) + goto fail; + } + } ++ ++ sasl_maxssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MAXSSF); ++ if (sasl_maxssf >= 0) { ++ ber_sasl_maxssf = (ber_len_t)sasl_maxssf; ++ lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MAX, ++ &ber_sasl_maxssf); ++ if (lret != LDAP_OPT_SUCCESS) { ++ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set LDAP MAX SSF option " ++ "to %d\n", sasl_maxssf); ++ 
goto fail; ++ } ++ } + } + + /* if we do not use start_tls the connection is not really connected yet +-- +2.20.1 + diff --git a/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch b/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch new file mode 100644 index 0000000..8a1a42d --- /dev/null +++ b/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch 
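Review bot: the ldap_sasl_maxssf text in the sssd-ldap.5.xml hunk says "specify the maximal security level necessary to establish the connection", but "necessary" describes a floor, not a ceiling. Suggest describing it as the highest SSF the client will negotiate. It should also state that 0 means no SASL integrity or confidentiality layer at all, so the connection then has to be protected by TLS, and that a value below ldap_sasl_minssf cannot be satisfied.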
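Review bot: in the second sdap_sys_connect_done hunk, sasl_maxssf goes straight to LDAP_OPT_X_SASL_SSF_MAX without being compared to the sasl_minssf variable declared alongside it in the same function, so a configuration with maxssf below minssf is accepted here and left for the SASL negotiation to sort out. Suggest rejecting that combination at this point, or at least logging it, while both values are at hand. The "Failed to set LDAP MAX SSF option" message would also be more useful if it included lret (or its ldap_err2string text) as well as the requested value.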
@@ -0,0 +1,91 @@ +From d702d594e380a1d0f0e937524bdd8a3eabc9bdf1 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 27 Sep 2019 13:45:13 +0200 +Subject: [PATCH 13/13] ad: set min and max ssf for ldaps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +AD does not allow to use encryption in the TLS and SASL layer at the +same time. To be able to use ldaps this patch sets min and max ssf to 0 +if ldaps should be used. + +Related to https://pagure.io/SSSD/sssd/issue/4131 + +Reviewed-by: Pavel Březina +--- + src/providers/ad/ad_common.c | 21 +++++++++++++++++++++ + src/providers/ad/ad_common.h | 2 ++ + src/providers/ad/ad_subdomains.c | 4 ++++ + 3 files changed, 27 insertions(+) + +diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c +index a2369166a..51300f5b2 100644 +--- a/src/providers/ad/ad_common.c ++++ b/src/providers/ad/ad_common.c +@@ -1021,6 +1021,23 @@ done: + return; + } + ++void ad_set_ssf_for_ldaps(struct sdap_options *id_opts) ++{ ++ int ret; ++ ++ DEBUG(SSSDBG_TRACE_ALL, "Setting ssf for ldaps usage.\n"); ++ ret = dp_opt_set_int(id_opts->basic, SDAP_SASL_MINSSF, 0); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Failed to set SASL minssf for ldaps usage, ignored.\n"); ++ } ++ ret = dp_opt_set_int(id_opts->basic, SDAP_SASL_MAXSSF, 0); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Failed to set SASL maxssf for ldaps usage, ignored.\n"); ++ } ++} ++ + static errno_t + ad_set_sdap_options(struct ad_options *ad_opts, + struct sdap_options *id_opts) +@@ -1079,6 +1096,10 @@ ad_set_sdap_options(struct ad_options *ad_opts, + goto done; + } + ++ if (dp_opt_get_bool(ad_opts->basic, AD_USE_LDAPS)) { ++ ad_set_ssf_for_ldaps(id_opts); ++ } ++ + /* Warn if the user is doing something silly like overriding the schema + * with the AD provider + */ +diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h +index 820e06124..d23aee616 100644 +--- 
a/src/providers/ad/ad_common.h ++++ b/src/providers/ad/ad_common.h +@@ -181,6 +181,8 @@ errno_t + ad_get_dyndns_options(struct be_ctx *be_ctx, + struct ad_options *ad_opts); + ++void ad_set_ssf_for_ldaps(struct sdap_options *id_opts); ++ + struct ad_id_ctx * + ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx); + +diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c +index d8c201437..a9c6b9f28 100644 +--- a/src/providers/ad/ad_subdomains.c ++++ b/src/providers/ad/ad_subdomains.c +@@ -328,6 +328,10 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, + return ret; + } + ++ if (dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS)) { ++ ad_set_ssf_for_ldaps(ad_options->id); ++ } ++ + ret = ad_inherit_opts_if_needed(id_ctx->sdap_id_ctx->opts->basic, + ad_options->id->basic, + be_ctx->cdb, subdom_conf_path, +-- +2.20.1 + diff --git a/SOURCES/0013-pam_sss-Add-missing-colon-to-the-PIN-prompt.patch b/SOURCES/0013-pam_sss-Add-missing-colon-to-the-PIN-prompt.patch deleted file mode 100644 index b9c83c6..0000000 --- a/SOURCES/0013-pam_sss-Add-missing-colon-to-the-PIN-prompt.patch +++ /dev/null 
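Review bot: ad_set_ssf_for_ldaps() in the ad_common.c hunk returns void and logs both dp_opt_set_int() failures as "ignored", so if either call fails the provider carries on with the previous SSF values even though the commit message says AD does not allow encryption in both layers. Suggest returning errno_t and letting the callers propagate it; ad_set_sdap_options already has a "goto done" error path directly above the new call. A partial failure needs thought too: minssf set to 0 with maxssf left at its old value is not a state either caller wants.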
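Review bot: the new call in ad_set_sdap_options overwrites SDAP_SASL_MINSSF and SDAP_SASL_MAXSSF with 0 whenever AD_USE_LDAPS is true, and the only trace is the SSSDBG_TRACE_ALL message "Setting ssf for ldaps usage.", so an explicitly configured ldap_sasl_minssf is dropped without the administrator being told. Suggest logging at a more visible level when a non-default value is replaced, and documenting next to the ldaps option that all protection of the LDAP traffic then comes from the TLS layer. In ad_subdomains.c the same call sits directly before ad_inherit_opts_if_needed(); it is worth confirming that inherited options cannot put a non-zero SSF back afterwards.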
@@ -1,33 +0,0 @@ -From db46cd0890057be1f72173a2ca2ae040bcf46c9a Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 31 Jul 2019 12:20:42 +0200 -Subject: [PATCH] pam_sss: Add missing colon to the PIN prompt - -This can be noticed in the sudo prompt, when the system is configured -to authenticate users using smart cards. - -Resolves: Pagure#4049 - -Signed-off-by: Jakub Jelen - -Reviewed-by: Sumit Bose ---- - src/sss_client/pam_sss.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c -index 6bcda23da..cfd3e3731 100644 ---- a/src/sss_client/pam_sss.c -+++ b/src/sss_client/pam_sss.c -@@ -1609,7 +1609,7 @@ static int prompt_2fa_single(pam_handle_t *pamh, struct pam_items *pi, - return PAM_SUCCESS; - } - --#define SC_PROMPT_FMT "PIN for %s" -+#define SC_PROMPT_FMT "PIN for %s: " - - #ifndef discard_const - #define discard_const(ptr) ((void *)((uintptr_t)(ptr))) --- -2.20.1 - diff --git a/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch b/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch new file mode 100644 index 0000000..d470f4e --- /dev/null +++ b/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch 
@@ -0,0 +1,36 @@ +From 007d5b79b7aef67dd843ed9a3b65095faaeb580f Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Wed, 22 Jan 2020 09:43:21 +0000 +Subject: [PATCH] BE_REFRESH: Do not try to refresh domains from other backends + +We cannot refresh domains from different sssd_be processes. +We can refresh just subdomains + +Resolves: +https://pagure.io/SSSD/sssd/issue/4142 + +Merges: https://pagure.io/SSSD/sssd/pull-request/4139 + +Reviewed-by: Sumit Bose +--- + src/providers/be_refresh.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c +index 6cce38390..5e43571ce 100644 +--- a/src/providers/be_refresh.c ++++ b/src/providers/be_refresh.c +@@ -385,6 +385,10 @@ static errno_t be_refresh_step(struct tevent_req *req) + if (state->index == BE_REFRESH_TYPE_SENTINEL) { + state->domain = get_next_domain(state->domain, + SSS_GND_DESCEND); ++ /* we can update just subdomains */ ++ if (state->domain != NULL && !IS_SUBDOMAIN(state->domain)) { ++ break; ++ } + state->index = 0; + continue; + } +-- +2.20.1 + diff --git a/SOURCES/0014-pam-make-sure-p11_child.log-has-the-right-permission.patch b/SOURCES/0014-pam-make-sure-p11_child.log-has-the-right-permission.patch deleted file mode 100644 index 5b723b4..0000000 --- a/SOURCES/0014-pam-make-sure-p11_child.log-has-the-right-permission.patch +++ /dev/null 
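Review bot: the new check in be_refresh_step breaks out of the loop at the first domain that is not a subdomain, which assumes get_next_domain(state->domain, SSS_GND_DESCEND) returns all of this backend's subdomains before any other top-level domain, and it leaves state->domain pointing at that foreign domain. The comment "we can update just subdomains" does not explain why stopping here is safe, so suggest spelling out that ordering assumption. Please also confirm that the code after the loop, which this hunk does not show, treats a non-NULL state->domain as the end of the work and never starts a refresh for it. A test with two configured domains would pin the behaviour down.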
@@ -1,39 +0,0 @@ -From e9091aba9c0cbcc1f00f5f0656c200554cc485a3 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Fri, 2 Aug 2019 13:44:18 +0200 -Subject: [PATCH 14/16] pam: make sure p11_child.log has the right permissions - -If SSSD runs a unprivileged user we should make sure the log files for -child processes have the right permission so that the child process can -write to them. - -Related to https://pagure.io/SSSD/sssd/issue/4056 - -Reviewed-by: Jakub Hrozek ---- - src/responder/pam/pamsrv.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c -index 38db6fc9b..4f5b9b664 100644 ---- a/src/responder/pam/pamsrv.c -+++ b/src/responder/pam/pamsrv.c -@@ -399,6 +399,15 @@ int main(int argc, const char *argv[]) - } - } - -+ /* server_setup() might switch to an unprivileged user, so the permissions -+ * for p11_child.log have to be fixed first. */ -+ ret = chown_debug_file("p11_child", uid, gid); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Cannot chown the p11_child debug file, " -+ "debugging might not work!\n"); -+ } -+ - ret = server_setup("sssd[pam]", 0, uid, gid, CONFDB_PAM_CONF_ENTRY, &main_ctx); - if (ret != EOK) return 2; - --- -2.20.1 - diff --git a/SOURCES/0015-ssh-make-sure-p11_child.log-has-the-right-permission.patch b/SOURCES/0015-ssh-make-sure-p11_child.log-has-the-right-permission.patch deleted file mode 100644 index 73cc906..0000000 --- a/SOURCES/0015-ssh-make-sure-p11_child.log-has-the-right-permission.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 8119ee216a9471ed2f01b16ed17068f5dc8b83cb Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Mon, 5 Aug 2019 17:04:14 +0200 -Subject: [PATCH 15/16] ssh: make sure p11_child.log has the right permissions - -If SSSD runs a unprivileged user we should make sure the log files for -child processes have the right permission so that the child process can -write to them. - -Related to https://pagure.io/SSSD/sssd/issue/4056 - -Reviewed-by: Jakub Hrozek ---- - src/responder/ssh/sshsrv.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c -index ef2c9d01b..07397834c 100644 ---- a/src/responder/ssh/sshsrv.c -+++ b/src/responder/ssh/sshsrv.c -@@ -187,6 +187,16 @@ int main(int argc, const char *argv[]) - - sss_set_logger(opt_logger); - -+ /* server_setup() might switch to an unprivileged user, so the permissions -+ * for p11_child.log have to be fixed first. We might call p11_child to -+ * validate certificates. */ -+ ret = chown_debug_file("p11_child", uid, gid); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Cannot chown the p11_child debug file, " -+ "debugging might not work!\n"); -+ } -+ - ret = server_setup("sssd[ssh]", 0, uid, gid, - CONFDB_SSH_CONF_ENTRY, &main_ctx); - if (ret != EOK) { --- -2.20.1 - diff --git a/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch b/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch new file mode 100644 index 0000000..54eb096 --- /dev/null +++ b/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch 
@@ -0,0 +1,52 @@ +From 9ba6f33ee78e1c15847f11b8f75f8a8413034875 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= +Date: Tue, 3 Dec 2019 04:13:53 +0100 +Subject: [PATCH] sysdb_sudo: Enable LDAP time format compatibility +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +LDAP specification allows to ommit seconds and minutes +in time border definition. In that case they defaults to zeros. +Current sssd.sudo implementation requires precision up to +seconds in time definition. This commit allows to lower +the precision up to hours. + +Resolves: +https://pagure.io/SSSD/sssd/issue/4118 + +Reviewed-by: Pavel Březina +--- + src/db/sysdb_sudo.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c +index 59d6824c0..18088b017 100644 +--- a/src/db/sysdb_sudo.c ++++ b/src/db/sysdb_sudo.c +@@ -55,6 +55,22 @@ static errno_t sysdb_sudo_convert_time(const char *str, time_t *unix_time) + "%Y%m%d%H%M%S.0%z", + "%Y%m%d%H%M%S,0Z", + "%Y%m%d%H%M%S,0%z", ++ /* LDAP specification says that minutes and seconds ++ might be omitted and in that case these are meant ++ to be treated as zeros [1]. ++ */ ++ "%Y%m%d%H%MZ", /* Discard seconds */ ++ "%Y%m%d%H%M%z", ++ "%Y%m%d%H%M.0Z", ++ "%Y%m%d%H%M.0%z", ++ "%Y%m%d%H%M,0Z", ++ "%Y%m%d%H%M,0%z", ++ "%Y%m%d%HZ", /* Discard minutes and seconds*/ ++ "%Y%m%d%H%z", ++ "%Y%m%d%H.0Z", ++ "%Y%m%d%H.0%z", ++ "%Y%m%d%H,0Z", ++ "%Y%m%d%H,0%z", + NULL}; + + for (format = formats; *format != NULL; format++) { +-- +2.20.1 + diff --git a/SOURCES/0016-BE-make-sure-child-log-files-have-the-right-permissi.patch b/SOURCES/0016-BE-make-sure-child-log-files-have-the-right-permissi.patch deleted file mode 100644 index 77515ac..0000000 --- a/SOURCES/0016-BE-make-sure-child-log-files-have-the-right-permissi.patch +++ /dev/null 
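Review bot: the comment added to the formats array in sysdb_sudo_convert_time cites "[1]", but the hunk adds no matching reference, so the reader cannot tell which specification text is meant. Suggest putting the reference in the comment itself (GeneralizedTime is defined in RFC 4517, section 3.3.13). The twelve new patterns accept only a ".0" or ",0" fraction, which with seconds or minutes omitted is a fraction of the minute or hour, so the comment should say that other fractions are deliberately unsupported. The diffstat shows only src/db/sysdb_sudo.c changing; since these values bound when a sudo rule applies, a unit test covering each shortened form and a near-miss string would be worth adding.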
@@ -1,61 +0,0 @@ -From 9339c445b4b98a28146ff834fec2af42bd3a6340 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Mon, 5 Aug 2019 17:05:00 +0200 -Subject: [PATCH 16/16] BE: make sure child log files have the right - permissions - -If SSSD runs a unprivileged user we should make sure the log files for -child processes have the right permission so that the child process can -write to them. - -Related to https://pagure.io/SSSD/sssd/issue/4056 - -Reviewed-by: Jakub Hrozek ---- - src/providers/data_provider_be.c | 23 +++++++++++++++++++++++ - 1 file changed, 23 insertions(+) - -diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c -index 6dce8286d..ce00231ff 100644 ---- a/src/providers/data_provider_be.c -+++ b/src/providers/data_provider_be.c -@@ -554,6 +554,27 @@ done: - return ret; - } - -+static void fix_child_log_permissions(uid_t uid, gid_t gid) -+{ -+ int ret; -+ const char *child_names[] = { "krb5_child", -+ "ldap_child", -+ "selinux_child", -+ "ad_gpo_child", -+ "proxy_child", -+ NULL }; -+ size_t c; -+ -+ for (c = 0; child_names[c] != NULL; c++) { -+ ret = chown_debug_file(child_names[c], uid, gid); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Cannot chown the [%s] debug file, " -+ "debugging might not work!\n", child_names[c]); -+ } -+ } -+} -+ - static void dp_initialized(struct tevent_req *req) - { - struct tevent_signal *tes; -@@ -609,6 +630,8 @@ static void dp_initialized(struct tevent_req *req) - "Cannot chown the debug files, debugging might not work!\n"); - } - -+ fix_child_log_permissions(be_ctx->uid, be_ctx->gid); -+ - ret = become_user(be_ctx->uid, be_ctx->gid); - if (ret != EOK) { - DEBUG(SSSDBG_FUNC_DATA, --- -2.20.1 - diff --git a/SOURCES/0016-zanata-Pulled-new-translations.patch b/SOURCES/0016-zanata-Pulled-new-translations.patch new file mode 100644 index 0000000..34285fa --- /dev/null +++ b/SOURCES/0016-zanata-Pulled-new-translations.patch 
@@ -0,0 +1,65451 @@ +From 9b5ad094419a8b557477f52d9f59653a30e36aac Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20=C5=BDidek?= +Date: Wed, 12 Feb 2020 23:32:46 +0100 +Subject: [PATCH] zanata: Pulled new translations + +--- + po/bg.po | 377 +++++++------ + po/ca.po | 377 +++++++------ + po/de.po | 377 +++++++------ + po/es.po | 395 ++++++------- + po/eu.po | 376 +++++++------ + po/fr.po | 785 ++++++++++++++------------ + po/hu.po | 376 +++++++------ + po/id.po | 377 +++++++------ + po/it.po | 377 +++++++------ + po/ja.po | 503 +++++++++-------- + po/nb.po | 376 +++++++------ + po/nl.po | 377 +++++++------ + po/pl.po | 411 +++++++------- + po/pt.po | 377 +++++++------ + po/pt_BR.po | 376 +++++++------ + po/ru.po | 377 +++++++------ + po/sssd.pot | 376 +++++++------ + po/sv.po | 395 ++++++------- + po/tg.po | 376 +++++++------ + po/tr.po | 376 +++++++------ + po/uk.po | 414 +++++++------- + po/zh_CN.po | 376 +++++++------ + po/zh_TW.po | 377 +++++++------ + src/man/po/br.po | 576 ++++++++++--------- + src/man/po/ca.po | 720 +++++++++++------------- + src/man/po/cs.po | 604 ++++++++++---------- + src/man/po/de.po | 754 +++++++++++-------------- + src/man/po/es.po | 869 ++++++++++++++--------------- + src/man/po/eu.po | 560 ++++++++++--------- + src/man/po/fi.po | 590 ++++++++++---------- + src/man/po/fr.po | 740 +++++++++++-------------- + src/man/po/ja.po | 687 +++++++++++------------ + src/man/po/lv.po | 580 ++++++++++--------- + src/man/po/nl.po | 606 ++++++++++---------- + src/man/po/pt.po | 613 ++++++++++---------- + src/man/po/pt_BR.po | 560 ++++++++++--------- + src/man/po/ru.po | 577 ++++++++++--------- + src/man/po/sssd-docs.pot | 538 ++++++++++-------- + src/man/po/sv.po | 948 ++++++++++++------------------- + src/man/po/tg.po | 572 ++++++++++--------- + src/man/po/uk.po | 1137 ++++++++++++++++++-------------------- + src/man/po/zh_CN.po | 576 ++++++++++--------- + 42 files changed, 11116 insertions(+), 10995 deletions(-) + +diff --git a/po/bg.po 
b/po/bg.po +index 831ee28b8..fe9b87e90 100644 +--- a/po/bg.po ++++ b/po/bg.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:44+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/" +@@ -699,7 +699,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "LDAP филтър за определяне права на достъп" + +@@ -770,737 +770,746 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Адрес на Kerberos сървър" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos област" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Директория за съхранение на кеша за данни за удостоверяване" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Местоположение на кеша за данни за удостоверяване на потребители" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Местоположение на keytab за валидиране на данните за удостоверяване" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Разреши проверката на данните за удостоверяване" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "Записва паролата ако е офлайн за по-късно удостоверяване" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: 
src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, URI на LDAP сървъра" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Базовият DN по подразбиране" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Използваният тип схема на LDAP сървъра, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Подразбиращият се bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: 
src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Продължителност на опитите за свързване" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Продължителност на опитите за синхронни LDAP операции" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Продължителност на времето между опитите за връзка докато е офлайн" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Файл, съдържащ CA сертификати" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Път до директорията на CA сертификат" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Изисква TLS проверка на сертификат" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Задава за използване механизма sasl" + +-#: src/config/SSSDConfig/__init__.py.in:304 
++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Задаване на sasl authorization id за употреба" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Задаване на sasl authorization id за употреба" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "keytab на Kerberos услуга" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Ползвай Kerberos auth за LDAP връзка" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Следвай LDAP референциите" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Продължителност на живот на TGT за LDAP връзка" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to 
trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Продължителност на време за изчакване на заявка за търсене" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Продължителност на време между актуализации на изброяване" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Изисква TLS за ИД справките" + +-#: src/config/SSSDConfig/__init__.py.in:331 
++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "атрибут Потребителско име" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "атрибут UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "атрибут Първичен GID" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "атрибут GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "атрибут Домашна директория" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "атрибут Команден интерпретатор" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "атрибут User principal (за Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Пълно име" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "атрибут членНа" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "атрибут Момент на промяна" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: 
src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: 
src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level 
SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs 
for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Политика за определяне срок на валидност на парола" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to 
evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: 
src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Списък разрешени потребители, разделени със запетая" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Списък забранени потребители, разделени със запетая" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Подразбиращ се команден интерпретатор, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Място за домашните директории" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/ca.po b/po/ca.po +index c0127b109..a7a8f9b34 100644 +--- a/po/ca.po ++++ b/po/ca.po +@@ -14,7 +14,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2017-10-15 03:02+0000\n" + "Last-Translator: Robert Antoni Buj Gelonch \n" + "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" +@@ -767,7 +767,7 @@ msgid "Active Directory client hostname" + msgstr "Nom d'amfitrió del client d'Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtre LDAP per determinar els privilegis d'accés" + +@@ -855,217 +855,226 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: 
src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Adreça del servidor Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adreça del servidor Kerberos de reserva" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Reialme Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Temps d'expiració de l'autenticació" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Si es creen els fitxers kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Si es rebutgen les parts de la configuració del krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Directori per emmagatzemar la memòria cau de les credencials" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Ubicació de la memòria cau de les credencials de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Ubicació de la clau per validar les credencials" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Habilita la validació de credencials" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + 
"Emmagatzema la contrasenya si s'està desconnectat per a l'autenticació " + "posterior amb connexió" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Temps de vida renovable del TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Temps de vida del TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Temps entre les dues comprovacions per a la renovació" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Habilita FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Selecciona el principal per utilitzar amb FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Habilita la canonització del principal" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Habilita els principals empresarials" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Servidor on es troba el servei de canvi de contrasenya si no està al KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, L'URI 
del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, L'URI del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "El DN base per defecte" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "El tipus d'esquema en ús al servidor LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "El DN de creació del vincle per defecte" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + "El tipus del testimoni d'autenticació del DN de creació del vincle per " + "defecte" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "El testimoni d'autenticació del DN de creació del vincle per defecte" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Període de temps per intentar una connexió" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Període de temps per intentar operacions LDAP asíncrones" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" 
+ msgstr "" + "Període de temps entre els intents per tornar a connectar mentre s'està " + "desconnectat" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Utilitza només majúscules pels noms de reialme" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Fitxer que conté els certificats de l'AC" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Camí al directori del certificat de l'AC" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Fitxer que conté el certificat de client" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Fitxer que conté la clau de client" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Llista de paquets de xifrat possibles" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Requereix verificació de certificat TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Especifica el mecanisme SASL a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Especifica l'id. 
d'autorització SASL a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Especifica el reialme d'autorització SASL a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Taula de claus del servei del Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Utilitza l'autenticació Kerberos per a la connexió LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Segueix les referències LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Temps de vida del TGT per la connexió LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Com desreferenciar els àlies" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Nom del servei per a la recerca del servei del DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "El nombre de registres a recuperar en una 
sola consulta LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "El nombre de membres que han de faltar per activar una de-referència completa" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1073,384 +1082,384 @@ msgstr "" + "Si la biblioteca LDAP hauria de realitzar una recerca inversa per canonitzar " + "el nom d'amfitrió durant la creació del vincle SASL" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "L'atribut entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "L'atribut lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Quant de temps s'ha de retenir una connexió al servidor LDAP abans de " + "desconnectar" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Inhabilita el control de paginació LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Inhabilita la recuperació de l'interval de l'Active Directory" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Període de temps per esperar una petició de cerca" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to 
wait for a enumeration request" + msgstr "Període de temps per esperar una petició d'enumeració" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Període de temps entre les actualitzacions de les enumeracions" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Període de temps entre les neteges de la memòria cau" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Requereix TLS per a la recerca d'id." + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + "Utilitza l'assignació dels id. de l'objectSID en lloc dels id. pre-establerts" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "DN base per a la recerca de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Abast de la recerca de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtre per a la recerca de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass per als usuaris" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "L'atribut nom d'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "L'atribut UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: 
src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "L'atribut GID primari" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "L'atribut GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "L'atribut directori inicial" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "L'atribut shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "L'atribut UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "L'atribut objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "L'atribut grup primari de l'Active Directory per a l'assignació d'id." 
+ +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "L'atribut usuari principal (per a Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nom complet" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "L'atribut memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "L'atribut data de modificació" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "L'atribut shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "L'atribut shadowMin" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "L'atribut shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "L'atribut shadowWarning" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "L'atribut shadowInactive" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "L'atribut shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "L'atribut shadowFlag" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "L'atribut que llista els serveis PAM autoritzats" + +-#: 
src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "L'atribut que llista els amfitrions dels servidors autoritzats" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "L'atribut krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "L'atribut krbPasswordExpiration" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "L'atribut que indica l'activació de les polítiques de contrasenya de servidor" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "L'atribut accountExpires de l'AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "L'atribut userAccountControl de l'AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "L'atribut nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "L'atribut loginDisabled del NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "L'atribut loginExpirationTime del NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid 
"loginAllowedTimeMap attribute of NDS" + msgstr "L'atribut loginAllowedTimeMap del NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "L'atribut clau pública SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "atribut que llista els tipus permesos d'autenticació per a un usuari" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "atribut que conté el certificat X509 de l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Una llista dels atributs extres per baixar juntament amb l'entrada de " + "l'usuari" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "DN base per a la recerca del grup" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "L'objectclass per als grups" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Nom del grup" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Contrasenya del grup" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "L'atribut GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: 
src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "L'atribut membre del grup" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "L'atribut UUID del grup" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "L'atribut data de modificació per als grups" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Tipus del grup i altres senyals" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "DN base per a la recerca del grup de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "L'objectclass per als grups de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nom de grup de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "L'atribut membres del grup de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "L'atribut triple del grup de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "L'atribut 
data de modificació per als grups de xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "DN base per a la recerca del servei" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Objectclass per als serveis" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "L'atribut nom del servei" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "L'atribut port del servei" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "L'atribut protocol del servei" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Límit inferior per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Límit superior per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Nombres d'id. per cada porció en l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Utilitza l'algoritme compatible d'autorid per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Nom del domini per defecte per a l'assignació d'id." 
+ +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID del domini per defecte per a l'assignació d'id." + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Si s'utilitzen els grups amb testimonis" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Estableix el límit inferior per als id. permesos del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Estableix el límit superior per als id. permesos del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN per a les consultes ppolicy" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Política per avaluar el venciment de la contrasenya" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Quins atributs s'haurien d'utilitzar per avaluar si el compte ha vençut" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Quines 
regles s'haurien d'utilitzar per avaluar el control d'accés" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "URI d'un servidor LDAP on es permeten els canvis de contrasenya" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + "URI d'un servidor LDAP de reserva on es permeten els canvis de contrasenya" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1458,23 +1467,23 @@ msgstr "" + "Si s'actualitza l'atribut ldap_user_shadow_last_change després d'un canvi de " + "contrasenya" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "DN base per a la recerca de les regles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Període d'actualització automàtica completa" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Període d'actualització automàtica intel·ligent" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "Si es filtren les regles per nom d'amfitrió, adreça IP i xarxa" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: 
src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1482,143 +1491,143 @@ msgstr "" + "Noms d'amfitrió i/o noms de domini plenament qualificat d'aquesta màquina " + "per filtrar les regles de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Si s'inclouen les regles que contenen el grup de xarxa a l'atribut de " + "l'amfitrió" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Si s'inclouen les regles que contenen expressions regulars a l'atribut de " + "l'amfitrió" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objectclass de les regles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Nom de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Attribut command de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "L'atribut host de la regla sudo" + +-#: 
src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "L'atribut user de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "L'atribut option de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "L'atribut runas de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "L'atribut runasuser de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "L'atribut runasgroup de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "L'atribut notbefore de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "L'atribut notafter de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "L'atribut order de la regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Objectclass per a les assignacions de l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "L'atribut nom de l'assignació de l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + 
"Objectclass per a les entrades de les assignacions de l'eina de muntatge " + "automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + "L'atribut clau d'entrada de l'assignació de l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + "L'atribut valor de l'entrada de l'assignació l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + "DN base per a la recerca de l'assignació de l'eina de muntatge automàtic" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Llista separada per comes dels usuaris autoritzats" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Llista separada per comes dels usuaris no autoritzats" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "El shell predeterminat, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Base per als directoris inicials" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "El nom de la biblioteca NSS a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + "Si se cerca el nom del grup canònic des de la memòria cau, si és possible" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Pila PAM a utilitzar" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/de.po b/po/de.po +index 644ede9bf..fc3fecde5 100644 +--- a/po/de.po ++++ b/po/de.po +@@ -10,7 +10,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/" +@@ -754,7 +754,7 @@ msgid "Active Directory client hostname" + msgstr "Hostname des Active-Directory-Clients" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "LDAP-Filter zum Bestimmen der Zugriffsprivilegien" + +@@ -825,213 +825,222 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port 
for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos-Serveradresse" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adresse des Ersatz-Kerberos-Servers" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos-Realm" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Zeitüberschreitung bei Authentifizierung" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Gibt an, ob kdcinfo-Dateien angelegt werden" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Verzeichnis zum Speichern der Anmeldedaten" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Ort des Zwischenspeichers für die Anmeldedaten des Benutzers" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Ort der Schlüsseltabelle zum Überprüfen von Anmeldedaten" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Validierung der Anmeldedaten aktivieren" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if 
offline for later online authentication" + msgstr "Passwort im Offline-Modus für spätere Online-Anmeldung speichern" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Erneuerung der Lebensdauer des TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Lebensdauer des TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Zeitspanne zwischen zwei Prüfungen, ob Erneuerung nötig ist" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Aktiviert FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Wählt den für FAST zu verwendenden Principal aus" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Aktiviert Kanonisierung des Principals" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Enterprise-Principals aktivieren" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Server, auf dem der Dienst zum Ändern des Passworts läuft, falls nicht KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + 
msgstr "ldap_uri, die URI des LDAP-Servers" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, die URI des LDAP-Servers" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Vorgegebene Basis-DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Der vom LDAP-Server verwendete Schema-Typ gemäß RFC2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Vorgegebene Bind-DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Typ des Authentifizierungs-Tokens der vorgegebenen Bind-DN" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Authentifizierungs-Token für die vorgegebene Bind-DN" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Zeitspanne für einen Verbindungsversuch" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Zeitspanne für Versuche zur Ausführung synchroner LDAP-Vorgänge" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + "Zeitspanne 
zwischen Versuchen zum erneuten Verbindungsaufbau im Offline-Modus" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Nur Großschreibung für Realm-Namen verwenden" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Datei, die CA-Zertifikate enthält" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Pfad zum CA-Zertifikatverzeichnis" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Datei, die das Client-Zertifikat enthält" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Datei, die den Client-Schlüssel enthält" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Liste der möglichen Verschlüsselungs-Suites" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "TLS-Zertifikatüberprüfung erforderlich machen" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Zu verwendenden sasl-Mechanismus angeben" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Zu verwendende ID für sasl-Authentifizierung angeben" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Zu verwendenden Realm für 
sasl-Authentifizierung angeben" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Schlüsseltabelle des Kerberos-Dienstes" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Kerberos-Authentifizierung für LDAP-Verbindung verwenden" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "LDAP-Verweisen folgen" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Lebensdauer von TGT für LDAP-Verbindung" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Dereferenzierung von Aliasen" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Dienstname für DNS-Service-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Anzahl der in einer einzelnen LDAP-Abfrage zu holenden Datensätze" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Anzahl 
der Elemente, die fehlen müssen, um eine vollständige " + "Dereferenzierung auszulösen" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1039,383 +1048,383 @@ msgstr "" + "Gibt an, ob die LDAP-Bibliothek eine Rückwärtssuche ausführen soll, um den " + "Rechnernamen während einer SASL-Bindung zu kanonisieren" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Zeitspanne zum Halten einer Verbindung zum LDAP-Server, bis diese " + "unterbrochen wird" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "LDAP-Paging-Steuerung deaktivieren" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Bereichsermittlung für Active Directory deaktivieren" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Zeitspanne zum Warten auf eine Suchanfrage" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Zeitspanne zum Warten auf eine Auflistungsanfrage" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time 
between enumeration updates" + msgstr "Zeitspanne zwischen Auflistungsanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Zeitspanne zwischen den Leerungen des Zwischenspeichers" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "TLS für ID-Suchvorgänge erforderlich machen" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "ID-Zuweisung von objectSID anstelle von voreingestellten IDs verwenden" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Basis-DN für Benutzer-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Bereich für Benutzer-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filter für Benutzer-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objektklasse für Benutzer" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Benutzername-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Primäres GID-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS-Attribut" + 
+-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Home-Verzeichnis-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Shell-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID -Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Active-Directory-Primärgruppen-Attribut für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Principal-Attribut verwenden (für Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Vollständiger Name" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "memberOf-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Änderungszeit-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "shadowLastChange-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + 
msgid "shadowMax attribute" + msgstr "shadowMax Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Attribut, welches die autorisierten PAM-Dienste auflistet" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Attribut, welches die autorisierten Server-Hosts auflistet" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "krbLastPwdChange-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "Attribut, welches angibt, dass die serverseitigen Passwortregeln aktiv sind" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + 
msgid "accountExpires attribute of AD" + msgstr "accountExpires-Attribut von AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "userAccountControl-Attribut von AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "nsAccountLock-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "loginDisabled-Attribut von NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "loginExpirationTime-Attribut von NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "loginAllowedTimeMap-Attribut von NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Attribut für öffentlichen SSH-Schlüssel" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Eine Liste der zusätzlich herunterzuladender Attribute zusammen mit dem " + "Benutzereintrag" + +-#: src/config/SSSDConfig/__init__.py.in:377 
++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Basis-DN für Gruppen-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Objektklasse für Gruppen" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Gruppenname" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Gruppenpasswort" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Gruppen-ID-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Gruppen-Mitgliedschafts-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Änderungszeit-Attribut für Gruppen" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Typ der Gruppe und weitere Flags" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Basis-DN für Netzgruppen-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid 
"Objectclass for netgroups" + msgstr "Objektklasse für Netzgruppen" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Netzgruppenname" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Netzgruppen-Mitglieder-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Netzgruppen-Tripel-Attribut" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Änderungszeit-Attribut für Netzgruppen" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Basis-DN für Dienste-Suchanfragen" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Objektklasse für Dienste" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Name-Attribut des Dienstes" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Port-Attribut des Dienstes" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Protokoll-Attribut des Dienstes" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Untere Grenze für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Obere Grenze für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: 
src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Anzahl der IDs für jeden Teil bei der ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "autorid-kompatiblen Algorithmus für ID-Zuweisung verwenden" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Name der Vorgabe-Domain für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID der Vorgabedomain für ID-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Verwendung von Token-Gruppen" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Untere Grenze für zulässige IDs des LDAP-Servers angeben" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Obere Grenze für zulässige IDs des LDAP-Servers angeben" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password 
expiration" + msgstr "Regel zum Ermitteln der Ablaufzeit des Passworts" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Attribute, die bei der Ermittlung verwendet werden, ob ein Konto abgelaufen " + "ist" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Regeln für die Ermittlung der Zugriffskontrolle" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "URI eines LDAP-Servers, wo Passwortänderungen zulässig sind" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "URI eines Ersatz-LDAP-Servers, wo Passwortänderungen zulässig sind" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "DNS-Dienstname für den LDAP-Passwortänderungsserver" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1423,25 +1432,25 @@ msgstr "" + "Gibt an, ob das Attribut ldap_user_shadow_last_change nach einer " + "Passwortänderung aktualisiert werden soll" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Basis-DN für Suchanfragen nach Sudo-Regeln" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Periode für automatische vollständige Aktualisierung" + +-#: 
src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Periode für bedingte vollständige Aktualisierung" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "Gibt an, ob Regeln nach Hostnamen, IP-Adressen oder Netzwerken gefiltert " + "werden sollen" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1449,140 +1458,140 @@ msgstr "" + "Hostnamen und/oder voll ausgeschriebene Domain-Namen dieses Rechners zum " + "Filtern von Sudo-Regeln" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "IPv4- oder IPv6-Adressen oder Netzwerk dieses Rechners zum Filtern von sudo-" + "Regeln" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die " + "Netzgruppen enthalten" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die reguläre " + "Ausdrücke enthalten" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objektklasse für Sudo-Regeln" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Sudo-Regelname" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Befehlsattribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Host-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Benutzer-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Optionsattribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "runasuser-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "runasgroup-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "notbefore-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "notafter-Attribut der sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Reihenfolge-Attribut der Sudo-Regel" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class 
for automounter maps" + msgstr "Objektklasse für Automounter-Zuweisungen" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Name-Attribut der Automounter-Zuweisung" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Objektklasse für Einträge von Automounter-Zuweisungen" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Schlüssel-Attribut des Automounter-Zuweisungseintrags" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Wert-Attribut des Automounter-Zuweisungseintrags" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Basis-DN für Suchanfragen nach Automounter-Zuweisungen" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Durch Kommata getrennte Liste der erlaubten Benutzer" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Durch Kommata getrennte Liste der verbotenen Benutzer" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Vorgabeshell, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Wurzel für Benutzerverzeichnisse" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Name der zu verwendenden NSS-Bibliothek" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + "Gibt an, ob wenn möglich im Zwischenspeicher nach dem kanonischen " + "Gruppennamen gesucht werden soll" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Zu verwendender PAM-Stapel" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/es.po b/po/es.po +index d5dee5ecb..d3b5a5eff 100644 +--- a/po/es.po ++++ b/po/es.po +@@ -18,7 +18,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2019-08-26 09:45+0000\n" + "Last-Translator: Emilio Herrera \n" + "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/" +@@ -794,7 +794,7 @@ msgid "Active Directory client hostname" + msgstr "Nombre de host del cliente de Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtro LDAP para determinar privilegios de acceso" + +@@ -884,215 +884,224 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "Opción para afinar la tarea de renovación de la cuenta de la máquina" + 
+-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Dirección del servidor Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Dirección del servidor de respaldo Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Reinado Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Expiración de la autenticación" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Si se crean ficheros kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Dónde soltar los fragmentos de configuración de krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Directorio donde almacenar las credenciales cacheadas" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Ubicación del caché de credenciales del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Ubicación de la tabla de claves para validar las credenciales" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr 
"Habilitar la validación de credenciales" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "Si se encuentra desconectado, almacena contraseñas para más tarde realizar " + "una autenticación en línea" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "ciclo de vida renovable del TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "ciclo de vida del TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "tiempo entre dos comprobaciones para renovación " + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Habilita FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Selecciona el principal para su uso por FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Habilita canonicalización principal" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Permite los principios de la empresa" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + "Un mapeo desde los nombres de usuario a los nombres de principal de Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change 
password service is running if not on the KDC" + msgstr "" + "El servidor en donde está ejecutándose el servicio de modificación de " + "contraseña, en caso de no ser KDC. " + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, El URI del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, La URI del servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "DN base predeterminado" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "Modo usado para cambiar la contraseña de usuario" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "El DN Bind predeterminado" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "El tipo del token de autenticación del DN bind predeterminado" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "El token de autenticación del DN bind predeterminado" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Tiempo durante el que se intentará la conexión" + +-#: src/config/SSSDConfig/__init__.py.in:294 
++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Use solo el caso superior para nombres reales" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Archivo que contiene los certificados CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Ruta hacia un directorio certificado CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Fichero que contiene el certificado de cliente" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Fichero que contiene la llave de cliente" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lista de posibles suites de cifrado" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Requiere la verificación de certificado TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Especificar el mecanismo sasl a usar" + +-#: 
src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Especifique el id de autorización sasl a usar" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Especifica el reinado de autorización sasl a ser utilizado" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Tabla de clave del servicio Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Usar auth Kerberos para la conexión LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Seguir referencias LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Período de vida del TGT para la conexión LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Como eliminar aliases" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Nombre de servicio para busquedas de servicios DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: 
src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "La cantidad de miembros que deben faltar para desencadenar una deref completa" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1100,389 +1109,389 @@ msgstr "" + "Si la Biblioteca LDAP debería realizar una búsqueda inversa para " + "canonicalizar el nombre del host durante un enlace SASL" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "atributo entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "atributo lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "El período de tiempo máximo para retener una conexión con el servidor LDAP " + "antes de desconectar" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Deshabilita el control de paginación LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Deshabilitar el rango de recuperación Active Directory" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Tiempo 
máximo a esperar un pedido de búsqueda" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "periodo de espera para solicitud de enumeración" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Tiempo en segundos entre las actualizaciones de enumeración" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "periodo de tiempo entre borrados de la caché" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Requiere TLS para búsquedas de ID" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "Usar el mapeado ID de objectSID en lugar de las IDs preajustadas" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "DN base para búsquedas de usuario" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Ambito de las búsquedas del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtro para las búsquedas del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass para los usuarios" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Atributo Username" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: 
src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Atributo UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Atributo GID primario" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Atributo GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Atributo Directorio de inicio" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Atributo shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "Atributo UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "Atributo objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Atributo primario del grupo Active Directory para el mapeado de ID" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Atributo principal del usuario (para Kerberos) " + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nombre completo" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Atributo memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Atributo hora de 
modificación" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "atributo shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "atributo shadowMin " + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "atributo shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "atributo shadowWarning " + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "atributo shadowInactive " + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "atributo shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "atributo shadowFlag " + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "listado de atributos de servicios PAM autorizados" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Atributo de listado de equipos de servidor autorizados" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "Atributo listando los rhosts de los servidores autorizados" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "atributo krbLastPwdChange " + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: 
src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "atributo krbPasswordExpiration " + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "atributo indicando que las políticas de contraseña del lado del servidor " + "están activas" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "atributo accountExpires de AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "atributo userAccountControl de AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "atributo nsAccountLock " + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "loginDisabled atributo de NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "loginExpirationTime atributo de NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "loginAllowedTimeMap atributo de NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Atributo de clave pública SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + "atributo listando los tipos de autenticación permitidos para un usuario" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + 
msgid "attribute containing the X509 certificate of the user" + msgstr "atributo conteniendo el certificado X509 del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "atributo que contiene la dirección de correo electrónico del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Una lista de los atributos extra a descargar junto con la entrada del usuario" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "DN base para busqueda de grupos" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "clase objeto para" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Nombre del grupo" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Contraseña del grupo" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Atributo GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Atributo de miembro del grupo" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "Atributo UUID de grupo" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Atributo de modificación de tiempo para los grupos" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: 
src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Tipo del grupo y otras banderas" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "Atributo de miembro de grupo externo LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "Máximo nivel de anidamiento que seguirá SSSD" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "DN base para búsquedas de grupos de red" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Clases de objetos para grupos de red" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nombre de grupo de red" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Atributo de miembros de grupos de red" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Atributo triple de grupo de red" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Atributo de modificación de tiempo para grupos de red" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Base DN para servicio de búsquedas" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Clase de objeto para servicio" + +-#: src/config/SSSDConfig/__init__.py.in:402 
++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Atributo de nombre de servicio" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Atributo de puerto de servicio" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Atributo de protocolo de servidor" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Límite más bajo para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Límite más alto para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Número de IDs por cada trozo cuando se mapean ID" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Usar el algoritmo compatible con autorid para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Nombre del dominio por defecto para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID del dominio por defecto para el mapeo de ID" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "Número de trozos secundarios" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Si usar 
Token-Groups" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Fijar el límite más bajo de IDs permitidas desde el servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + "Fijar el límite más alto para las IDs permitidas desde el servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN para consultas ppolicy" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "Máximas entradas a recuperar durante una solicitud de comodín" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Política para evaluar el vencimiento de la contraseña" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Los atributos que deberán ser utilizados para evaluar si una cuenta ha " + "expirado" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + "URI de un servidor LDAP donde se permite la modificación de contraseñas" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP 
server where password changes are allowed" + msgstr "" + "URI de un servidor de respaldo LDAP donde están permitidos los cambios de " + "contraseña" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + "Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1490,23 +1499,23 @@ msgstr "" + "Si actualizar el atributo ldap_user_shadow_last_change después de un cambio " + "de contraseña" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Base DN para búsquedas de reglas sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Período de refresco total automático" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Período de refresco inteligente automático" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "Si filtrar la reglas por nombre de host, direcciones IP y red" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1514,133 +1523,133 @@ msgstr "" + "Nombres de host y/o nombres de dominio totalmente cualificado de esta " + "máquina para filtrar las reglas sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses 
or network of this machine to filter sudo rules" + msgstr "Direcciones o red IPv4 o IPv6 de esta máquina para filtrar reglas sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "Si incluir reglas que contienen netgroup en el atributo de host" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Si incluir reglas que contengan expresiones regulares en el atributo de host" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objeto clase para reglas sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Nombre de regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Atributo de regla de comando sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Atributo de la regla host de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Atributo de la regla usuario de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Atributo de la regla opción de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + 
msgstr "Atributo runas de regla sudo" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Atributo de la regla suda runasuser" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Atributo de regla runasgroup de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Atributo de regla notbefore de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Atributo de regla noafter de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Atributo de regla orden de sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Objeto clase para mapas automontador" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Atributo de nombre de mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Objeto clase para entradas de mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Atributo de clave de entrada para mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Atributo de valor de entrada para mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: 
src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Base DN para búsquedas de mapa de automontador" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Lista separada por comas de usuarios autorizados" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Lista separada por comas de usuarios prohibidos" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell predeterminado, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Base de los directorios de inicio" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "Número de hijos proxy prefabricados" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Nombre de la biblioteca NSS a usar" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "Si buscar el nombre canónico del grupo desde el cache si es posible" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Pila PAM a usar" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "Ruta de las fuentes del fichero passwd" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." 
+ msgstr "Ruta de las fuentes del fichero group" + +@@ -2571,14 +2580,14 @@ msgid "Search by group ID" + msgstr "Búsqueda por ID de grupo" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "Incapaz de analizar el nombre %s.\n" ++msgstr "" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "El socket SSSD no existe." ++msgstr "" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2597,13 +2606,10 @@ msgid "Error while reading configuration directory.\n" + msgstr "" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"Fichero %1$s no existe. SSSD usará la configuración predeterminada con " +-"ficheros del suministrador.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +@@ -2620,9 +2626,9 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "Mensajes generados durante la configuración de la fusión: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "Configuración usada retazos de ficheros: %u\n" ++msgstr "" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format +@@ -2721,9 +2727,8 @@ msgid "Online status: %s\n" + msgstr "Estado en línea: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "Mostrar información sobre el servidor activo" ++msgstr "" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +diff --git a/po/eu.po b/po/eu.po +index dce3b6ba4..a0d93d3cf 100644 +--- a/po/eu.po ++++ b/po/eu.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 
22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" +@@ -695,7 +695,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -766,737 +766,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 
++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "FAST gaitzen du" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP 
server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: 
src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid 
"Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN atributua" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN atributua" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid 
"Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID atributua" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: 
src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID atributua" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Izen osoa" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "shadowLastChange atributua" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin atributua" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax atributua" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning atributua" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive 
atributua" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire atributua" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag atributua" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "krbLastPwdChange atributua" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration atributua" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "ADren accountExpires atributua" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "ADren userAccountControl atributua" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "nsAccountLock atributua" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + 
msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Talde-izena" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Taldearen pasahitza" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "GID atributua" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" 
+ +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + 
msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy 
queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter 
rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + 
+-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: 
src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell lehenetsia, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/fr.po b/po/fr.po +index db16ecd39..c3756af43 100644 +--- a/po/fr.po ++++ b/po/fr.po +@@ -9,13 +9,14 @@ + # Mariko Vincent , 2012 + # Jérôme Fenal , 2015. #zanata + # Jérôme Fenal , 2016. #zanata ++# Ludek Janda , 2020. 
#zanata + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" +-"PO-Revision-Date: 2016-02-24 03:43+0000\n" +-"Last-Translator: Jérôme Fenal \n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" ++"PO-Revision-Date: 2020-01-14 01:48+0000\n" ++"Last-Translator: Copied by Zanata \n" + "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" + "fr/)\n" + "Language: fr\n" +@@ -45,7 +46,7 @@ msgstr "Écrire les messages de débogage dans les journaux" + + #: src/config/SSSDConfig/__init__.py.in:48 + msgid "Watchdog timeout before restarting service" +-msgstr "" ++msgstr "Délai de surveillance avant le redémarrage du service" + + #: src/config/SSSDConfig/__init__.py.in:49 + msgid "Command to start service" +@@ -67,11 +68,13 @@ msgstr "durée d'inactivité avant la déconnexion automatique d'un client" + + #: src/config/SSSDConfig/__init__.py.in:53 + msgid "Idle time before automatic shutdown of the responder" +-msgstr "" ++msgstr "Temps d'inactivité avant l'arrêt automatique du répondeur" + + #: src/config/SSSDConfig/__init__.py.in:54 + msgid "Always query all the caches before querying the Data Providers" + msgstr "" ++"Interrogez toujours tous les caches avant d'interroger les fournisseurs de " ++"données" + + #: src/config/SSSDConfig/__init__.py.in:57 + msgid "SSSD Services to start" +@@ -113,7 +116,7 @@ msgstr "L'utilisation vers lequel abandonner les privilèges" + + #: src/config/SSSDConfig/__init__.py.in:65 + msgid "Tune certificate verification" +-msgstr "" ++msgstr "Régler la vérification du certificat" + + #: src/config/SSSDConfig/__init__.py.in:66 + msgid "All spaces in group or user names will be replaced with this character" +@@ -123,15 +126,15 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:67 + msgid "Tune sssd to honor or ignore netlink state changes" +-msgstr "" ++msgstr "Régler sssd pour honorer ou ignorer les 
changements d'état du netlink" + + #: src/config/SSSDConfig/__init__.py.in:68 + msgid "Enable or disable the implicit files domain" +-msgstr "" ++msgstr "Activer ou désactiver le domaine des fichiers implicites" + + #: src/config/SSSDConfig/__init__.py.in:69 + msgid "A specific order of the domains to be looked up" +-msgstr "" ++msgstr "Un ordre spécifique des domaines à rechercher" + + #: src/config/SSSDConfig/__init__.py.in:72 + msgid "Enumeration cache timeout length (seconds)" +@@ -150,7 +153,7 @@ msgstr "Délai d'attente du cache négatif (en secondes)" + + #: src/config/SSSDConfig/__init__.py.in:75 + msgid "Files negative cache timeout length (seconds)" +-msgstr "" ++msgstr "Délai d'attente du cache négatif (en secondes)" + + #: src/config/SSSDConfig/__init__.py.in:76 + msgid "Users that SSSD should explicitly ignore" +@@ -214,7 +217,7 @@ msgstr "Durée de maintien en cache des enregistrements valides" + + #: src/config/SSSDConfig/__init__.py.in:88 + msgid "List of user attributes the NSS responder is allowed to publish" +-msgstr "" ++msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier" + + #: src/config/SSSDConfig/__init__.py.in:91 + msgid "How long to allow cached logins between online logins (days)" +@@ -242,7 +245,7 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:95 + msgid "Filter PAM responses sent to the pam_sss" +-msgstr "" ++msgstr "Filtrez les réponses PAM envoyées à l'adresse pam_sss" + + #: src/config/SSSDConfig/__init__.py.in:96 + msgid "How many seconds to keep identity information cached for PAM requests" +@@ -272,36 +275,40 @@ msgstr "Message affiché lorsque le compte a expiré" + + #: src/config/SSSDConfig/__init__.py.in:101 + msgid "Message printed when user account is locked." +-msgstr "" ++msgstr "Message affiché lorsque le compte a expiré" + + #: src/config/SSSDConfig/__init__.py.in:102 + msgid "Allow certificate based/Smartcard authentication." 
+-msgstr "" ++msgstr "Autoriser l'authentification par certificat/carte à puce." + + #: src/config/SSSDConfig/__init__.py.in:103 + msgid "Path to certificate database with PKCS#11 modules." + msgstr "" ++"Chemin d'accès à la base de données des certificats des modules PKCS#11." + + #: src/config/SSSDConfig/__init__.py.in:104 + msgid "How many seconds will pam_sss wait for p11_child to finish" +-msgstr "" ++msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child" + + #: src/config/SSSDConfig/__init__.py.in:105 + msgid "Which PAM services are permitted to contact application domains" + msgstr "" ++"Quels services PAM sont autorisés à contacter les domaines d'application" + + #: src/config/SSSDConfig/__init__.py.in:106 + msgid "Allowed services for using smartcards" +-msgstr "" ++msgstr "Services autorisés pour l'utilisation de cartes à puce" + + #: src/config/SSSDConfig/__init__.py.in:107 + msgid "Additional timeout to wait for a card if requested" +-msgstr "" ++msgstr "Délai d'attente supplémentaire pour l'obtention d'une carte si demandé" + + #: src/config/SSSDConfig/__init__.py.in:108 + msgid "" + "PKCS#11 URI to restrict the selection of devices for Smartcard authentication" + msgstr "" ++"URI PKCS#11 pour limiter la sélection des périphériques pour " ++"l'authentification par carte à puce" + + #: src/config/SSSDConfig/__init__.py.in:111 + msgid "Whether to evaluate the time-based attributes in sudo rules" +@@ -309,13 +316,15 @@ msgstr "Faut-il évaluer les attributs dépendants du temps dans les règles sud + + #: src/config/SSSDConfig/__init__.py.in:112 + msgid "If true, SSSD will switch back to lower-wins ordering logic" +-msgstr "" ++msgstr "Si sur true, SSSD repasse en logique de commande à faible gain" + + #: src/config/SSSDConfig/__init__.py.in:113 + msgid "" + "Maximum number of rules that can be refreshed at once. If this is exceeded, " + "full refresh is performed." 
+ msgstr "" ++"Nombre maximum de règles pouvant être rafraîchies en même temps. En cas de " ++"dépassement, un rafraîchissement complet est effectué." + + #: src/config/SSSDConfig/__init__.py.in:119 + msgid "Whether to hash host names and addresses in the known_hosts file" +@@ -332,17 +341,19 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:121 + msgid "Path to storage of trusted CA certificates" +-msgstr "" ++msgstr "Chemin d'accès au stockage des certificats d'AC de confiance" + + #: src/config/SSSDConfig/__init__.py.in:122 + msgid "Allow to generate ssh-keys from certificates" +-msgstr "" ++msgstr "Permet de générer des ssh-keys à partir de certificats" + + #: src/config/SSSDConfig/__init__.py.in:123 + msgid "" + "Use the following matching rules to filter the certificates for ssh-key " + "generation" + msgstr "" ++"Utilisez les règles de correspondance suivantes pour filtrer les certificats " ++"pour la génération de clés ssh" + + #: src/config/SSSDConfig/__init__.py.in:126 + msgid "List of UIDs or user names allowed to access the PAC responder" +@@ -351,7 +362,7 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:127 + msgid "How long the PAC data is considered valid" +-msgstr "" ++msgstr "Durée de validité des données du PAC" + + #: src/config/SSSDConfig/__init__.py.in:130 + msgid "List of UIDs or user names allowed to access the InfoPipe responder" +@@ -365,83 +376,94 @@ msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier" + + #: src/config/SSSDConfig/__init__.py.in:134 + msgid "The provider where the secrets will be stored in" +-msgstr "" ++msgstr "Le fournisseur où les secrets seront stockés" + + #: src/config/SSSDConfig/__init__.py.in:135 + msgid "The maximum allowed number of nested containers" +-msgstr "" ++msgstr "Le nombre maximal de conteneurs imbriqués autorisés" + + #: src/config/SSSDConfig/__init__.py.in:136 + msgid "The maximum number of secrets that can be stored" +-msgstr "" ++msgstr "Le nombre maximum de 
secrets qui peuvent être stockés" + + #: src/config/SSSDConfig/__init__.py.in:137 + msgid "The maximum number of secrets that can be stored per UID" +-msgstr "" ++msgstr "Le nombre maximum de secrets qui peuvent être stockés par UID" + + #: src/config/SSSDConfig/__init__.py.in:138 + msgid "The maximum payload size of a secret in kilobytes" +-msgstr "" ++msgstr "La taille maximale de la charge utile d'un secret en kilo-octets" + + #: src/config/SSSDConfig/__init__.py.in:140 + msgid "The URL Custodia server is listening on" +-msgstr "" ++msgstr "L'URL du serveur Custodia est en écoute sur" + + #: src/config/SSSDConfig/__init__.py.in:141 + msgid "The method to use when authenticating to a Custodia server" + msgstr "" ++"La méthode à utiliser lors de l'authentification via un serveur Custodia" + + #: src/config/SSSDConfig/__init__.py.in:142 + msgid "" + "The name of the headers that will be added into a HTTP request with the " + "value defined in auth_header_value" + msgstr "" ++"Le nom des en-têtes qui seront ajoutés dans une requête HTTP avec la valeur " ++"définie dans auth_header_value" + + #: src/config/SSSDConfig/__init__.py.in:143 + msgid "The value sssd-secrets would use for auth_header_name" +-msgstr "" ++msgstr "La valeur que sssd-secrets utiliseraient pour auth_header_name" + + #: src/config/SSSDConfig/__init__.py.in:144 + msgid "" + "The list of the headers to forward to the Custodia server together with the " + "request" + msgstr "" ++"La liste des en-têtes à transmettre au serveur Custodia avec la requête" + + #: src/config/SSSDConfig/__init__.py.in:145 + msgid "" + "The username to use when authenticating to a Custodia server using basic_auth" + msgstr "" ++"La méthode à utiliser lors de l'authentification via un serveur Custodia " ++"utilisant basic_auth" + + #: src/config/SSSDConfig/__init__.py.in:146 + msgid "" + "The password to use when authenticating to a Custodia server using basic_auth" + msgstr "" ++"La méthode à utiliser lors de 
l'authentification via un serveur Custodia " ++"utilisant basic_auth" + + #: src/config/SSSDConfig/__init__.py.in:147 + msgid "If true peer's certificate is verified if proxy_url uses https protocol" + msgstr "" ++"Le certificat pair true est vérifié si proxy_url utilise le protocole https" + + #: src/config/SSSDConfig/__init__.py.in:148 + msgid "" + "If false peer's certificate may contain different hostname than proxy_url " + "when https protocol is used" + msgstr "" ++"Le certificat pair false peut contenir un nom d'hôte différent de proxy_url " ++"lorsque le protocole https est utilisé" + + #: src/config/SSSDConfig/__init__.py.in:149 + msgid "Path to directory where certificate authority certificates are stored" +-msgstr "" ++msgstr "Chemin d'accès au répertoire où sont stockés les certificats CA" + + #: src/config/SSSDConfig/__init__.py.in:150 + msgid "Path to file containing server's CA certificate" +-msgstr "" ++msgstr "Chemin d'accès au fichier contenant le certificat CA du serveur" + + #: src/config/SSSDConfig/__init__.py.in:151 + msgid "Path to file containing client's certificate" +-msgstr "" ++msgstr "Chemin d'accès au fichier contenant le certificat du client" + + #: src/config/SSSDConfig/__init__.py.in:152 + msgid "Path to file containing client's private key" +-msgstr "" ++msgstr "Chemin d'accès au fichier contenant la clé privée du client" + + #: src/config/SSSDConfig/__init__.py.in:155 + msgid "Identity provider" +@@ -473,15 +495,15 @@ msgstr "Fournisseur d'identité de l'hôte" + + #: src/config/SSSDConfig/__init__.py.in:162 + msgid "SELinux provider" +-msgstr "" ++msgstr "Fournisseur SELinux" + + #: src/config/SSSDConfig/__init__.py.in:163 + msgid "Session management provider" +-msgstr "" ++msgstr "Fournisseur de gestion de session" + + #: src/config/SSSDConfig/__init__.py.in:166 + msgid "Whether the domain is usable by the OS or by applications" +-msgstr "" ++msgstr "Si le domaine est utilisable par l'OS ou par des applications" + + #: 
src/config/SSSDConfig/__init__.py.in:167 + msgid "Minimum user ID" +@@ -533,10 +555,14 @@ msgid "" + "How long should SSSD talk to single DNS server before trying next server " + "(miliseconds)" + msgstr "" ++"Combien de temps le SSSD doit-il parler à un seul serveur DNS avant " ++"d'essayer le serveur suivant (en millisecondes)" + + #: src/config/SSSDConfig/__init__.py.in:177 + msgid "How long should keep trying to resolve single DNS query (seconds)" + msgstr "" ++"Combien de temps faut-il continuer à essayer de résoudre une seule requête " ++"DNS (en secondes)" + + #: src/config/SSSDConfig/__init__.py.in:178 + msgid "How long to wait for replies from DNS when resolving servers (seconds)" +@@ -598,7 +624,7 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:196 + msgid "Override the DNS server used to perform the DNS update" +-msgstr "" ++msgstr "Remplace le serveur DNS utilisé pour effectuer la mise à jour du DNS" + + #: src/config/SSSDConfig/__init__.py.in:197 + msgid "Control enumeration of trusted domains" +@@ -614,15 +640,18 @@ msgstr "Listes des options qui doivent être héritées dans le sous-domaine" + + #: src/config/SSSDConfig/__init__.py.in:200 + msgid "Default subdomain homedir value" +-msgstr "" ++msgstr "Valeur par défaut du sous-domaine homedir" + + #: src/config/SSSDConfig/__init__.py.in:201 + msgid "How long can cached credentials be used for cached authentication" + msgstr "" ++"Combien de temps les informations d'identification en cache peuvent-elles " ++"être utilisées pour l'authentification en cache" + + #: src/config/SSSDConfig/__init__.py.in:204 + msgid "Whether to automatically create private groups for users" + msgstr "" ++"S'il faut créer automatiquement des groupes privés pour les utilisateurs" + + #: src/config/SSSDConfig/__init__.py.in:207 + msgid "IPA domain" +@@ -716,19 +745,23 @@ msgstr "Classe d'objet surchargeant les groupes" + + #: src/config/SSSDConfig/__init__.py.in:229 + msgid "Search base for Desktop Profile related 
objects" +-msgstr "" ++msgstr "Base de recherche pour les objets liés au Profil du Bureau" + + #: src/config/SSSDConfig/__init__.py.in:230 + msgid "" + "The amount of time in seconds between lookups of the Desktop Profile rules " + "against the IPA server" + msgstr "" ++"Le temps, en secondes, entre les consultations des règles du profil du " ++"bureau sur le serveur IPA" + + #: src/config/SSSDConfig/__init__.py.in:231 + msgid "" + "The amount of time in minutes between lookups of Desktop Profiles rules " + "against the IPA server when the last request did not find any rule" + msgstr "" ++"Le temps en minutes entre les consultations des règles de profile de bureau " ++"sur le serveur IPA lorsque la dernière requête n'a trouvé aucune règle" + + #: src/config/SSSDConfig/__init__.py.in:234 + msgid "Active Directory domain" +@@ -736,7 +769,7 @@ msgstr "Domaine Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:235 + msgid "Enabled Active Directory domains" +-msgstr "" ++msgstr "Domaine d’Active Directory activés" + + #: src/config/SSSDConfig/__init__.py.in:236 + msgid "Active Directory server address" +@@ -751,7 +784,7 @@ msgid "Active Directory client hostname" + msgstr "Nom de système du client Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtre LDAP pour déterminer les autorisations d'accès" + +@@ -835,220 +868,232 @@ msgstr "un site particulier utilisé par le client" + msgid "" + "Maximum age in days before the machine account password should be renewed" + msgstr "" ++"Âge maximum en jours avant que le mot de passe du compte de la machine ne " ++"soit renouvelé" + + #: src/config/SSSDConfig/__init__.py.in:254 + msgid "Option for tuning the machine account renewal task" ++msgstr "Option de réglage de la tâche de renouvellement du compte machine" ++ ++#: 
src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Adresse du serveur Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adresse du serveur Kerberos de secours" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Domaine Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Délai avant expiration de l'authentification" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Choisir de créer ou non les fichiers kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Où déposer les extraits de configuration krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Répertoire pour stocker les caches de crédits" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Emplacement du cache de crédits de l'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Emplacement du fichier keytab de validation des crédits" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr 
"Activer la validation des crédits" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure " + "en ligne" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Durée de vie renouvelable du TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Durée de vie du TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Durée entre deux vérifications pour le renouvellement" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Active FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Sélectionne le principal à utiliser avec FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Active la canonisation du principal" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Active les principals d'entreprise" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" ++"Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if 
not on the KDC" + msgstr "" + "Serveur où tourne le service de changement de mot de passe s'il n'est pas " + "sur le KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, l'adresse du serveur LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, l'URI du serveur LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "La base DN par défaut" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" +-msgstr "" ++msgstr "Mode utilisé pour modifier le mot de passe utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Le DN de connexion par défaut" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Le type de jeton d'authentification du DN de connexion par défaut" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Le jeton d'authentification du DN de connexion par défaut" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Durée pendant laquelle il sera tenté d'établir la connexion" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: 
src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "N'utiliser que des majuscules pour les noms de domaine" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Fichier contenant les certificats des CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Chemin vers le répertoire de certificats des CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Fichier contenant le certificat client" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Fichier contenant la clé du client" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Liste des suites de chiffrement possibles" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Requiert une vérification de certificat TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Spécifier le mécanisme SASL à utiliser" + +-#: 
src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Spécifier l'identité d'authorisation SASL à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Spécifier le domaine d'authorisation SASL à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Service du fichier keytab de Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Suivre les référents LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Durée de vie du TGT pour la connexion LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Comment déréférencer les alias" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Nom du service pour les recherches DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: 
src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Nombre de membres qui doivent être manquants pour activer un déréférencement " + "complet" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1056,389 +1101,389 @@ msgstr "" + "Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le " + "nom d'hôte pendant une connexion SASL ?" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "attribut entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "attribut lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Combien de temps conserver la connexion au serveur LDAP avant de se " + "déconnecter" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Désactiver le contrôle des pages LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Désactiver la récupération de plage Active Directory." 
+ +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Durée d'attente pour une requête de recherche" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Durée d'attente pour une requête d'énumération" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Durée entre deux mises à jour d'énumération" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Durée entre les nettoyages de cache" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "TLS est requis pour les recherches d'identifiants" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + "Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-" + "établis" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Base DN pour les recherches d'utilisateurs" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Scope des recherches d'utilisateurs" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtre pour les recherches d'utilisateurs" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Classe d'objet pour les utilisateurs" + +-#: 
src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Attribut de nom d'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Attribut UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Attribut de GID primaire" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Attribut GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Attribut de répertoire utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Attribut d'interpréteur de commandes" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "attribut UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "attribut objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Groupe primaire Active Directory pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Attribut d'utilisateur principal (pour Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nom complet" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: 
src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Attribut memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Attribut de date de modification" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "Attribut shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "Attribut shadowMin" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "Attribut shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "Attribut shadowWarning" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "Attribut shadowInactive" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "Attribut shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "Attribut shadowFlag" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Attribut listant les services PAM autorisés" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" +-msgstr "Attribut listant les systèmes serveurs autorisés" ++msgstr "Attribut listant les hôtes de serveurs autorisés" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server 
rhosts" +-msgstr "" ++msgstr "Attribut listant les rhosts de serveurs autorisés" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "Attribut krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "Attribut krbPasswordExpiration" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + "Attribut indiquant que la stratégie de mot de passe du serveur est active" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "Attribut AD accountExpires" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "Attribut AD userAccountControl" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "Attribut nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "Attribut NDS loginDisabled" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "Attribut NDS loginExpirationTime" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "Attribut NDS loginAllowedTimeMap" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Attribut de clé public SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: 
src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + "attribut énumérant les types d'authentification autorisés pour un utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "attribut contenant le certificat X509 de l'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" +-msgstr "" ++msgstr "attribut contenant l’adresse email de l'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Une liste des attributs supplémentaires à télécharger avec l'entrée de " + "l'utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "DN de base pour les recherches de groupes" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Classe d'objet pour les groupes" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Nom du groupe" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Mot de passe du groupe" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Attribut GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Attribut membre du groupe" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID 
attribute" + msgstr "attribut de l'UUID du groupe" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Attribut de date de modification pour les groupes" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Type de groupe et autres indicateurs" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" +-msgstr "" ++msgstr "L'attribut de membre externe du groupe LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" +-msgstr "" ++msgstr "Le niveau d'imbrication maximal du SSSD suivra" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "DN de base pour les recherches de netgroup" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Classe d'objet pour les groupes réseau" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nom du groupe réseau" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Attribut des membres des groupes réseau" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Attribut triplet du groupe réseau" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Attribut date de modification pour les groupes réseau" + +-#: src/config/SSSDConfig/__init__.py.in:400 
++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Nom de domaine (DN) de base pour les recherches de service" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Classe objet pour les services" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Attribut de nom de service" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Attribut de port du service" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Attribut de service du protocole" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Limite inférieure pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Limite supérieure pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Nombre d'ID par tranche pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + "Utilisation d'un algorithme compatible autorid pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Nom du domaine par défaut pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default 
domain for ID-mapping" + msgstr "SID du domaine par défaut pour la correspondance d'ID" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" +-msgstr "" ++msgstr "Nombre de tranches secondaires" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Choisir d'utiliser ou non les groupes de jetons" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + "Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + "Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN pour les requêtes sur ppolicy" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" +-msgstr "" ++msgstr "Combien d'entrées maximum à récupérer lors d'une demande de wildcard" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Stratégie d'évaluation de l'expiration du mot de passe" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "Quels attributs utiliser pour déterminer si un compte a expiré" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate 
access control" + msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + "URI d'un serveur LDAP de secours où sont autorisées les modifications de mot " + "de passe" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1446,23 +1491,23 @@ msgstr "" + "Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un " + "changement de mot de passe" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Périodicité de rafraichissement total" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Périodicité de rafraichissement intelligent" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux" 
+ +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1470,139 +1515,140 @@ msgstr "" + "Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour " + "filtrer les règles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles " + "sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Inclure ou non les règles qui contiennent un netgroup dans l'attribut host" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Inclure ou non les règles qui contiennent une expression rationnelle dans " + "l'attribut host" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Classe objet pour les règles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" ++"Nom de l'attribut qui est utilisé comme classe d'objet pour les règles sudo" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Règle de nom sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Attribut de commande de règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: 
src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Attribut hôte de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Attribut utilisateur de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Attribut option de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Attribut de règle sudo runas" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Attribut runasuser de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Attribut runasgroup de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Attribut notbefore de la règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Attribut notafter de règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Attribut d'ordre de règle sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Classe objet pour la carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Nom de l'attribut de carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: 
src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Classe objet pour l'entrée de référence de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Attribut de clé d'entrée pour la carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Attribut de valeur pour la carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Base DN pour les requêtes de carte de montage automatique" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Liste, séparée par des virgules, d'utilisateurs interdits" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Interpréteur de commande par défaut : /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Base pour les répertoires utilisateur" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." +-msgstr "" ++msgstr "Le nombre d'enfants proxy pré-fourche." 
+ +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Nom de la bibliothèque NSS à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "Rechercher le nom canonique du groupe dans le cache si possible" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Pile PAM à utiliser" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." +-msgstr "" ++msgstr "Chemin des sources des fichiers passwd." + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." +-msgstr "" ++msgstr "Chemin des sources des fichiers de groupe." + + #: src/monitor/monitor.c:2355 + msgid "Become a daemon (default)" +@@ -1614,7 +1660,7 @@ msgstr "Fonctionner en interactif (non démon)" + + #: src/monitor/monitor.c:2360 + msgid "Disable netlink interface" +-msgstr "" ++msgstr "Désactiver l'interface netlink" + + #: src/monitor/monitor.c:2362 src/tools/sssctl/sssctl_logs.c:311 + msgid "Specify a non-default config file" +@@ -1622,11 +1668,11 @@ msgstr "Définir un fichier de configuration différent de celui par défaut" + + #: src/monitor/monitor.c:2364 + msgid "Refresh the configuration database, then exit" +-msgstr "" ++msgstr "Rafraîchissez la base de données de configuration, puis quittez" + + #: src/monitor/monitor.c:2367 + msgid "Similar to --genconf, but only refreshes the given section" +-msgstr "" ++msgstr "Semblable à --genconf, mais ne rafraîchit que la section donnée" + + #: src/monitor/monitor.c:2370 + msgid "Print version number and exit" +@@ -1634,7 +1680,7 @@ msgstr "Afficher le numéro de version et quitte" + + #: src/monitor/monitor.c:2514 
+ msgid "SSSD is already running\n" +-msgstr "" ++msgstr "SSSD est déjà en cours d'exécution\n" + + #: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:624 + msgid "Debug level" +@@ -1666,31 +1712,31 @@ msgstr "Le groupe à utiliser pour la création du ccache FAST" + + #: src/providers/krb5/krb5_child.c:3249 + msgid "Kerberos realm to use" +-msgstr "" ++msgstr "Domaine Kerberos à utiliser" + + #: src/providers/krb5/krb5_child.c:3251 + msgid "Requested lifetime of the ticket" +-msgstr "" ++msgstr "Demande de renouvellement à vie du billet" + + #: src/providers/krb5/krb5_child.c:3253 + msgid "Requested renewable lifetime of the ticket" +-msgstr "" ++msgstr "Demande de renouvellement à vie du billet" + + #: src/providers/krb5/krb5_child.c:3255 + msgid "FAST options ('never', 'try', 'demand')" +-msgstr "" ++msgstr "Options FAST ('never', 'try', 'demand')" + + #: src/providers/krb5/krb5_child.c:3258 + msgid "Specifies the server principal to use for FAST" +-msgstr "" ++msgstr "Spécifie le principal de serveur afin d'utiliser FAST." + + #: src/providers/krb5/krb5_child.c:3260 + msgid "Requests canonicalization of the principal name" +-msgstr "" ++msgstr "Demande la canonisation du nom principal" + + #: src/providers/krb5/krb5_child.c:3262 + msgid "Use custom version of krb5_get_init_creds_password" +-msgstr "" ++msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password" + + #: src/providers/data_provider_be.c:711 + msgid "Domain of the information provider (mandatory)" +@@ -1716,11 +1762,11 @@ msgstr "SSSD n'est pas démarré par root." + + #: src/sss_client/common.c:1091 + msgid "SSSD socket does not exist." +-msgstr "" ++msgstr "La socket SSSD n'existe pas." + + #: src/sss_client/common.c:1094 + msgid "Cannot get stat of SSSD socket." +-msgstr "" ++msgstr "Impossible d'obtenir le stat du socket SSSD." + + #: src/sss_client/common.c:1099 + msgid "An error occurred, but no description can be found." 
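Review bot: in the krb5_child.c hunk (@@ -1666,31 +1712,31 @@), the msgstr added for "Requested lifetime of the ticket" (src/providers/krb5/krb5_child.c:3251) is "Demande de renouvellement à vie du billet", word for word the same as the msgstr added for "Requested renewable lifetime of the ticket" at :3253. The help text for the two options becomes indistinguishable, and "renouvellement à vie" describes a lifelong renewal, which neither msgid says. Suggest two distinct strings that keep "lifetime" as a duration, for example "Durée de vie demandée du ticket" and "Durée de vie renouvelable demandée du ticket".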
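Review bot: the two socket messages in the sss_client/common.c hunk (@@ -1716,11 +1762,11 @@) disagree on the gender of "socket": the entry at :1091 becomes "La socket SSSD n'existe pas." while the entry at :1094 becomes "Impossible d'obtenir le stat du socket SSSD.". These are adjacent error messages from the same file, so pick one form and use it in both.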
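Review bot: further down in this French catalogue, in the @@ -2744,92 +2801,92 @@ hunk, the msgstr added for msgid "dlsym failed with [%s].\n" (src/tools/sssctl/sssctl_user_checks.c:174) reads "dlopen a échoué avec [%s].\n", a copy of the dlopen entry at :167. With this string a symbol lookup failure is reported to the user as a library load failure, which points troubleshooting at the wrong step. Suggest "dlsym a échoué avec [%s].\n".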
+@@ -1802,7 +1848,7 @@ msgstr "Premier facteur :" + + #: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343 + msgid "Second Factor (optional): " +-msgstr "" ++msgstr "Deuxième facteur (facultatif) : " + + #: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346 + msgid "Second Factor: " +@@ -1814,7 +1860,7 @@ msgstr "Mot de passe : " + + #: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345 + msgid "First Factor (Current Password): " +-msgstr "" ++msgstr "Premier facteur (mot de passe actuel) : " + + #: src/sss_client/pam_sss.c:2349 + msgid "Current Password: " +@@ -1864,7 +1910,7 @@ msgstr "Le port à utiliser pour se connecter à l'hôte" + + #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 + msgid "Print the host ssh public keys" +-msgstr "" ++msgstr "Imprimer les clés publiques ssh de l'hôte" + + #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234 + msgid "Invalid port\n" +@@ -1881,7 +1927,7 @@ msgstr "Le chemin vers la commande de proxy doit être absolue\n" + #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324 + #, c-format + msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n" +-msgstr "" ++msgstr "sss_ssh_knownhostsproxy : Impossible de résoudre le nom d'hôte %s\n" + + #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 + msgid "The UID of the user" +@@ -2342,7 +2388,7 @@ msgstr "Impossible d'invalider %1$s %2$s\n" + + #: src/tools/sss_cache.c:721 + msgid "Invalidate all cached entries" +-msgstr "" ++msgstr "Invalidez toutes les entrées en cache" + + #: src/tools/sss_cache.c:723 + msgid "Invalidate particular user" +@@ -2394,11 +2440,11 @@ msgstr "Invalider tous les hôtes SSH" + + #: src/tools/sss_cache.c:752 + msgid "Invalidate particular sudo rule" +-msgstr "" ++msgstr "Invalider une règle sudo particulière" + + #: src/tools/sss_cache.c:754 + msgid "Invalidate all cached sudo rules" +-msgstr "" ++msgstr "Invalider toutes les règles sudo en cache" + + #: src/tools/sss_cache.c:757 + msgid "Only invalidate entries from 
a particular domain" +@@ -2409,6 +2455,8 @@ msgid "" + "Unexpected argument(s) provided, options that invalidate a single object " + "only accept a single provided argument.\n" + msgstr "" ++"Argument(s) inattendu(s) fourni(s), les options qui invalident un seul objet " ++"n'acceptent qu'un seul argument fourni.\n" + + #: src/tools/sss_cache.c:821 + msgid "Please select at least one object to invalidate\n" +@@ -2445,298 +2493,307 @@ msgstr "%1$s doit être lancé en tant que root\n" + + #: src/tools/sssctl/sssctl.c:35 + msgid "yes" +-msgstr "" ++msgstr "oui" + + #: src/tools/sssctl/sssctl.c:37 + msgid "no" +-msgstr "" ++msgstr "non" + + #: src/tools/sssctl/sssctl.c:39 + msgid "error" +-msgstr "" ++msgstr "erreur" + + #: src/tools/sssctl/sssctl.c:42 + msgid "Invalid result." +-msgstr "" ++msgstr "Résultat non valide." + + #: src/tools/sssctl/sssctl.c:78 + msgid "Unable to read user input\n" +-msgstr "" ++msgstr "Impossible de lire l'entrée de l'utilisateur\n" + + #: src/tools/sssctl/sssctl.c:91 + #, c-format + msgid "Invalid input, please provide either '%s' or '%s'.\n" +-msgstr "" ++msgstr "Entrée non valable, veuillez fournir %s ou %s\n" + + #: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114 + msgid "Error while executing external command\n" +-msgstr "" ++msgstr "Erreur lors de l'exécution d'une commande externe\n" + + #: src/tools/sssctl/sssctl.c:156 + msgid "SSSD needs to be running. Start SSSD now?" +-msgstr "" ++msgstr "Le SSSD doit être exécuté. Démarrer le SSSD maintenant ?" + + #: src/tools/sssctl/sssctl.c:195 + msgid "SSSD must not be running. Stop SSSD now?" + msgstr "" ++"Le SSSD ne doit pas être en cours d'exécution. Arrêter le SSSD maintenant ?" + + #: src/tools/sssctl/sssctl.c:231 + msgid "SSSD needs to be restarted. Restart SSSD now?" +-msgstr "" ++msgstr "Le SSSD doit être relancé. Redémarrer SSSD maintenant ?" 
+ + #: src/tools/sssctl/sssctl_cache.c:31 + #, c-format + msgid " %s is not present in cache.\n" +-msgstr "" ++msgstr " %s n'est pas présent dans le cache.\n" + + #: src/tools/sssctl/sssctl_cache.c:33 + msgid "Name" +-msgstr "" ++msgstr "Nom" + + #: src/tools/sssctl/sssctl_cache.c:34 + msgid "Cache entry creation date" +-msgstr "" ++msgstr "Date de création de l'entrée en cache" + + #: src/tools/sssctl/sssctl_cache.c:35 + msgid "Cache entry last update time" +-msgstr "" ++msgstr "Heure de la dernière mise à jour de l'entrée du cache" + + #: src/tools/sssctl/sssctl_cache.c:36 + msgid "Cache entry expiration time" +-msgstr "" ++msgstr "Temps d'expiration de l'entrée du cache" + + #: src/tools/sssctl/sssctl_cache.c:37 + msgid "Cached in InfoPipe" +-msgstr "" ++msgstr "Mise en cache dans InfoPipe" + + #: src/tools/sssctl/sssctl_cache.c:522 + #, c-format + msgid "Error: Unable to get object [%d]: %s\n" +-msgstr "" ++msgstr "Erreur : Impossible d'obtenir l'objet [%d] : %s\n" + + #: src/tools/sssctl/sssctl_cache.c:538 + #, c-format + msgid "%s: Unable to read value [%d]: %s\n" +-msgstr "" ++msgstr "%s: Impossible de lire la valeur [%d] : %s\n" + + #: src/tools/sssctl/sssctl_cache.c:566 + msgid "Specify name." +-msgstr "" ++msgstr "Indiquez le nom." 
+ + #: src/tools/sssctl/sssctl_cache.c:576 + #, c-format + msgid "Unable to parse name %s.\n" +-msgstr "" ++msgstr "Impossible d'analyser le nom %s.\n" + + #: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649 + msgid "Search by SID" +-msgstr "" ++msgstr "Recherche par SID" + + #: src/tools/sssctl/sssctl_cache.c:603 + msgid "Search by user ID" +-msgstr "" ++msgstr "Recherche par ID utilisateur" + + #: src/tools/sssctl/sssctl_cache.c:612 + msgid "Initgroups expiration time" +-msgstr "" ++msgstr "Délai d'expiration des initgroups" + + #: src/tools/sssctl/sssctl_cache.c:650 + msgid "Search by group ID" +-msgstr "" ++msgstr "Recherche par ID de groupe" + + #: src/tools/sssctl/sssctl_config.c:70 + #, c-format + msgid "Failed to open %s\n" +-msgstr "" ++msgstr "N’a pas pu ouvrir %s\n" + + #: src/tools/sssctl/sssctl_config.c:75 + #, c-format + msgid "File %1$s does not exist.\n" +-msgstr "" ++msgstr "Le fichier %1$s n’existe pas.\n" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" + "File ownership and permissions check failed. Expected root:root and 0600.\n" + msgstr "" ++"La vérification de la propriété et des permissions des fichiers a échoué. " ++"Attendue : root:root et 0600.\n" + + #: src/tools/sssctl/sssctl_config.c:85 + #, c-format + msgid "Failed to load configuration configuration from %s.\n" +-msgstr "" ++msgstr "Echec du chargement de la configuration à partir de %s.\n" + + #: src/tools/sssctl/sssctl_config.c:91 + msgid "Error while reading configuration directory.\n" +-msgstr "" ++msgstr "Erreur lors de la lecture du répertoire de configuration.\n" + + #: src/tools/sssctl/sssctl_config.c:99 + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" ++"Il n'y a pas de configuration. 
SSSD utilisera la configuration par défaut " ++"avec le fournisseur de fichiers.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +-msgstr "" ++msgstr "Échec de l'exécution des validateurs" + + #: src/tools/sssctl/sssctl_config.c:115 + #, c-format + msgid "Issues identified by validators: %zu\n" +-msgstr "" ++msgstr "Problèmes identifiés par les validateurs : %zu\n" + + #: src/tools/sssctl/sssctl_config.c:126 + #, c-format + msgid "Messages generated during configuration merging: %zu\n" +-msgstr "" ++msgstr "Messages générés lors de la fusion des configurations : %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 + #, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "" ++msgstr "Fichiers de configuration utilisés : %zu\n" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format + msgid "Unable to create backup directory [%d]: %s" +-msgstr "" ++msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s" + + #: src/tools/sssctl/sssctl_data.c:95 + msgid "SSSD backup of local data already exists, override?" +-msgstr "" ++msgstr "La sauvegarde SSSD des données locales existe déjà, la remplacer ?" 
+ + #: src/tools/sssctl/sssctl_data.c:111 + msgid "Unable to export user overrides\n" +-msgstr "" ++msgstr "Impossible d'exporter les substitutions d'utilisateur\n" + + #: src/tools/sssctl/sssctl_data.c:118 + msgid "Unable to export group overrides\n" +-msgstr "" ++msgstr "Impossible d'exporter les substitutions de groupes\n" + + #: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217 + msgid "Override existing backup" +-msgstr "" ++msgstr "Remplacer la sauvegarde existante" + + #: src/tools/sssctl/sssctl_data.c:164 + msgid "Unable to import user overrides\n" +-msgstr "" ++msgstr "Impossible d'importer les substitutions d'utilisateur\n" + + #: src/tools/sssctl/sssctl_data.c:173 + msgid "Unable to import group overrides\n" +-msgstr "" ++msgstr "Impossible d'importer les substitutions de groupes\n" + + #: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82 + #: src/tools/sssctl/sssctl_domains.c:328 + msgid "Start SSSD if it is not running" +-msgstr "" ++msgstr "Démarrer SSSD s'il n'est pas en cours d'exécution" + + #: src/tools/sssctl/sssctl_data.c:195 + msgid "Restart SSSD after data import" +-msgstr "" ++msgstr "Redémarrer SSSD après l'importation des données" + + #: src/tools/sssctl/sssctl_data.c:218 + msgid "Create clean cache files and import local data" +-msgstr "" ++msgstr "Créer des fichiers de cache propres et importer des données locales" + + #: src/tools/sssctl/sssctl_data.c:219 + msgid "Stop SSSD before removing the cache" +-msgstr "" ++msgstr "Arrêtez SSSD avant de supprimer le cache" + + #: src/tools/sssctl/sssctl_data.c:220 + msgid "Start SSSD when the cache is removed" +-msgstr "" ++msgstr "Démarrer SSSD lorsque le cache est supprimé" + + #: src/tools/sssctl/sssctl_data.c:235 + msgid "Creating backup of local data...\n" +-msgstr "" ++msgstr "Création d'une sauvegarde des données locales...\n" + + #: src/tools/sssctl/sssctl_data.c:238 + msgid "Unable to create backup of local data, can not remove the cache.\n" + 
msgstr "" ++"Impossible de créer une sauvegarde des données locales, impossible de " ++"supprimer le cache.\n" + + #: src/tools/sssctl/sssctl_data.c:243 + msgid "Removing cache files...\n" +-msgstr "" ++msgstr "Suppression des fichiers de cache...\n" + + #: src/tools/sssctl/sssctl_data.c:246 + msgid "Unable to remove cache files\n" +-msgstr "" ++msgstr "Impossible de supprimer les fichiers de cache\n" + + #: src/tools/sssctl/sssctl_data.c:251 + msgid "Restoring local data...\n" +-msgstr "" ++msgstr "Restauration des données locales...\n" + + #: src/tools/sssctl/sssctl_domains.c:83 + msgid "Show domain list including primary or trusted domain type" + msgstr "" ++"Afficher la liste des domaines, y compris le type de domaine principal ou de " ++"confiance" + + #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367 + #: src/tools/sssctl/sssctl_user_checks.c:95 + msgid "Unable to connect to system bus!\n" +-msgstr "" ++msgstr "Impossible de se connecter au bus système !\n" + + #: src/tools/sssctl/sssctl_domains.c:167 + msgid "Online" +-msgstr "" ++msgstr "En ligne" + + #: src/tools/sssctl/sssctl_domains.c:167 + msgid "Offline" +-msgstr "" ++msgstr "Hors ligne" + + #: src/tools/sssctl/sssctl_domains.c:167 + #, c-format + msgid "Online status: %s\n" +-msgstr "" ++msgstr "Statut en ligne : %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 + msgid "This domain has no active servers.\n" +-msgstr "" ++msgstr "Ce domaine n'a pas de serveurs actifs.\n" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +-msgstr "" ++msgstr "Serveurs actifs :\n" + + #: src/tools/sssctl/sssctl_domains.c:230 + msgid "not connected" +-msgstr "" ++msgstr "non connecté" + + #: src/tools/sssctl/sssctl_domains.c:267 + msgid "No servers discovered.\n" +-msgstr "" ++msgstr "Aucun serveur découvert.\n" + + #: src/tools/sssctl/sssctl_domains.c:273 + #, c-format + msgid "Discovered %s servers:\n" +-msgstr "" ++msgstr "%s serveurs découverts :\n" + + #: 
src/tools/sssctl/sssctl_domains.c:285 + msgid "None so far.\n" +-msgstr "" ++msgstr "Aucun pour l'instant.\n" + + #: src/tools/sssctl/sssctl_domains.c:325 + msgid "Show online status" +-msgstr "" ++msgstr "Afficher le statut en ligne" + + #: src/tools/sssctl/sssctl_domains.c:326 + msgid "Show information about active server" +-msgstr "" ++msgstr "Afficher les informations sur le serveur actif" + + #: src/tools/sssctl/sssctl_domains.c:327 + msgid "Show list of discovered servers" +-msgstr "" ++msgstr "Afficher la liste des serveurs découverts" + + #: src/tools/sssctl/sssctl_domains.c:333 + msgid "Specify domain name." +-msgstr "" ++msgstr "Indiquer le nom de domaine." + + #: src/tools/sssctl/sssctl_domains.c:355 + msgid "Out of memory!\n" +-msgstr "" ++msgstr "Plus de mémoire disponible !\n" + + #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385 + msgid "Unable to get online status\n" +-msgstr "" ++msgstr "Impossible d'obtenir le statut en ligne\n" + + #: src/tools/sssctl/sssctl_domains.c:395 + msgid "Unable to get server list\n" +-msgstr "" ++msgstr "Impossible d'obtenir la liste des serveurs\n" + + #: src/tools/sssctl/sssctl_logs.c:47 + msgid "\n" +@@ -2744,92 +2801,92 @@ msgstr "\n" + + #: src/tools/sssctl/sssctl_logs.c:237 + msgid "Delete log files instead of truncating" +-msgstr "" ++msgstr "Supprimer les fichiers de log au lieu de tronquer" + + #: src/tools/sssctl/sssctl_logs.c:248 + msgid "Deleting log files...\n" +-msgstr "" ++msgstr "Suppression des fichiers journaux...\n" + + #: src/tools/sssctl/sssctl_logs.c:251 + msgid "Unable to remove log files\n" +-msgstr "" ++msgstr "Impossible de supprimer les fichiers journaux\n" + + #: src/tools/sssctl/sssctl_logs.c:257 + msgid "Truncating log files...\n" +-msgstr "" ++msgstr "Troncature des fichiers de journalisation...\n" + + #: src/tools/sssctl/sssctl_logs.c:260 + msgid "Unable to truncate log files\n" +-msgstr "" ++msgstr "Impossible de tronquer les fichiers de journalisation\n" + + 
#: src/tools/sssctl/sssctl_logs.c:286 + msgid "Out of memory!" +-msgstr "" ++msgstr "Plus de mémoire disponible !" + + #: src/tools/sssctl/sssctl_logs.c:289 + #, c-format + msgid "Archiving log files into %s...\n" +-msgstr "" ++msgstr "Archivage des fichiers journaux dans %s...\n" + + #: src/tools/sssctl/sssctl_logs.c:292 + msgid "Unable to archive log files\n" +-msgstr "" ++msgstr "Impossible d'archiver les fichiers journaux\n" + + #: src/tools/sssctl/sssctl_logs.c:317 + msgid "Specify debug level you want to set" +-msgstr "" ++msgstr "Spécifiez le niveau de débogage que vous souhaitez définir" + + #: src/tools/sssctl/sssctl_user_checks.c:117 + msgid "SSSD InfoPipe user lookup result:\n" +-msgstr "" ++msgstr "Résultat de la recherche de l'utilisateur SSSD InfoPipe :\n" + + #: src/tools/sssctl/sssctl_user_checks.c:167 + #, c-format + msgid "dlopen failed with [%s].\n" +-msgstr "" ++msgstr "dlopen a échoué avec [%s].\n" + + #: src/tools/sssctl/sssctl_user_checks.c:174 + #, c-format + msgid "dlsym failed with [%s].\n" +-msgstr "" ++msgstr "dlopen a échoué avec [%s].\n" + + #: src/tools/sssctl/sssctl_user_checks.c:182 + msgid "malloc failed.\n" +-msgstr "" ++msgstr "malloc a échoué.\n" + + #: src/tools/sssctl/sssctl_user_checks.c:189 + #, c-format + msgid "sss_getpwnam_r failed with [%d].\n" +-msgstr "" ++msgstr "sss_getpwnam_r a échoué avec [%d].\n" + + #: src/tools/sssctl/sssctl_user_checks.c:194 + msgid "SSSD nss user lookup result:\n" +-msgstr "" ++msgstr "Résultat de la recherche de l'utilisateur SSSD nss :\n" + + #: src/tools/sssctl/sssctl_user_checks.c:195 + #, c-format + msgid " - user name: %s\n" +-msgstr "" ++msgstr " - user name: %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:196 + #, c-format + msgid " - user id: %d\n" +-msgstr "" ++msgstr " - user id: %d\n" + + #: src/tools/sssctl/sssctl_user_checks.c:197 + #, c-format + msgid " - group id: %d\n" +-msgstr "" ++msgstr " - group id: %d\n" + + #: src/tools/sssctl/sssctl_user_checks.c:198 + #, c-format + 
msgid " - gecos: %s\n" +-msgstr "" ++msgstr " - gecos: %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:199 + #, c-format + msgid " - home directory: %s\n" +-msgstr "" ++msgstr " - home directory: %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:200 + #, c-format +@@ -2837,18 +2894,20 @@ msgid "" + " - shell: %s\n" + "\n" + msgstr "" ++" - shell: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:232 + msgid "PAM action [auth|acct|setc|chau|open|clos], default: " +-msgstr "" ++msgstr "Action PAM [auth|acct|setc|chau|open|clos], par défaut : " + + #: src/tools/sssctl/sssctl_user_checks.c:235 + msgid "PAM service, default: " +-msgstr "" ++msgstr "Service PAM, par défaut : " + + #: src/tools/sssctl/sssctl_user_checks.c:240 + msgid "Specify user name." +-msgstr "" ++msgstr "Spécifiez le nom d'utilisateur." + + #: src/tools/sssctl/sssctl_user_checks.c:247 + #, c-format +@@ -2858,45 +2917,53 @@ msgid "" + "service: %s\n" + "\n" + msgstr "" ++"utilisateur: %s\n" ++"action: %s\n" ++"service: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:252 + #, c-format + msgid "User name lookup with [%s] failed.\n" +-msgstr "" ++msgstr "La recherche de nom d'utilisateur avec [%s] a échoué.\n" + + #: src/tools/sssctl/sssctl_user_checks.c:257 + #, c-format + msgid "InfoPipe User lookup with [%s] failed.\n" +-msgstr "" ++msgstr "La recherche de l'utilisateur InfoPipe avec [%s] a échoué.\n" + + #: src/tools/sssctl/sssctl_user_checks.c:263 + #, c-format + msgid "pam_start failed: %s\n" +-msgstr "" ++msgstr "pam_start a échoué : %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:268 + msgid "" + "testing pam_authenticate\n" + "\n" + msgstr "" ++"test de pam_authenticate\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:272 + #, c-format + msgid "pam_get_item failed: %s\n" +-msgstr "" ++msgstr "pam_get_item a échoué : %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:275 + #, c-format + msgid "" + "pam_authenticate for user [%s]: %s\n" + "\n" +-msgstr "" ++msgstr 
"pam_authenticate pour l'utilisateur [%s] : %s\n" + + #: src/tools/sssctl/sssctl_user_checks.c:278 + msgid "" + "testing pam_chauthtok\n" + "\n" + msgstr "" ++"test pam_chauthtok\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:280 + #, c-format +@@ -2904,12 +2971,16 @@ msgid "" + "pam_chauthtok: %s\n" + "\n" + msgstr "" ++"pam_chauthtok: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:282 + msgid "" + "testing pam_acct_mgmt\n" + "\n" + msgstr "" ++"test de pam_acct_mgmt\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:284 + #, c-format +@@ -2917,12 +2988,16 @@ msgid "" + "pam_acct_mgmt: %s\n" + "\n" + msgstr "" ++"pam_acct_mgmt: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:286 + msgid "" + "testing pam_setcred\n" + "\n" + msgstr "" ++"test de pam_setcred\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:288 + #, c-format +@@ -2930,12 +3005,16 @@ msgid "" + "pam_setcred: [%s]\n" + "\n" + msgstr "" ++"pam_setcred: [%s]\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:290 + msgid "" + "testing pam_open_session\n" + "\n" + msgstr "" ++"test pam_open_session\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:292 + #, c-format +@@ -2943,12 +3022,16 @@ msgid "" + "pam_open_session: %s\n" + "\n" + msgstr "" ++"pam_open_session: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:294 + msgid "" + "testing pam_close_session\n" + "\n" + msgstr "" ++"test pam_close_session\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:296 + #, c-format +@@ -2956,18 +3039,20 @@ msgid "" + "pam_close_session: %s\n" + "\n" + msgstr "" ++"pam_close_session: %s\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:298 + msgid "unknown action\n" +-msgstr "" ++msgstr "action inconnue\n" + + #: src/tools/sssctl/sssctl_user_checks.c:301 + msgid "PAM Environment:\n" +-msgstr "" ++msgstr "Environnement PAM :\n" + + #: src/tools/sssctl/sssctl_user_checks.c:309 + msgid " - no env -\n" +-msgstr "" ++msgstr " - no env -\n" + + #: 
src/util/util.h:82 + msgid "The user ID to run the server as" +@@ -2979,8 +3064,8 @@ msgstr "L'identifiant de groupe sous lequel faire tourner le serveur" + + #: src/util/util.h:92 + msgid "Informs that the responder has been socket-activated" +-msgstr "" ++msgstr "Informe que le répondeur a été activé par un socket" + + #: src/util/util.h:94 + msgid "Informs that the responder has been dbus-activated" +-msgstr "" ++msgstr "Informe que le répondeur a été activé par un dbus" +diff --git a/po/hu.po b/po/hu.po +index d49e39451..820671425 100644 +--- a/po/hu.po ++++ b/po/hu.po +@@ -10,7 +10,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/" +@@ -697,7 +697,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -768,737 +768,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos-kiszolgáló címe" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr 
"Kerberos-tartomány" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Időtúllépés azonosításkor" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, az LDAP szerver URI-ja" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Alapértelmezett LDAP alap-DN-je" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Az LDAP szerveren használt séma-típus, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Az alapértelmezett bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 
+ msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "A kapcsolódási próbálkozás időtartama" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "A CA tanusítványokat tartalmazó fájl" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "TLS tanusítvány ellenőrzése" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the 
sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "TLS megkövetelése ID keresésekor" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user 
lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS attribútum" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Shell attribútum" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Teljes név" + +-#: 
src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "memberOf attribútum" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid 
"krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Csoport neve" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Csoport jelszava" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" 
+ +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: 
src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: 
src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as 
object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 
+ msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Alapértelmezett shell, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/id.po b/po/id.po +index 3ffde26aa..cce27c3b3 100644 +--- a/po/id.po ++++ b/po/id.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:46+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/" +@@ -694,7 +694,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -765,737 +765,746 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Alamat server Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Realm Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 
++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, URI server LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Lamanya waktu untuk mencoba koneksi" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt 
synchronous LDAP operations" + msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Membutuhkan verifikasi sertifikat TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Tentukan mekanisme sasl yang digunakan" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Tentukan id otorisasi sasl yang digunakan" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Tentukan id otorisasi sasl yang digunakan" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Keytab layanan Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + 
msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Lingkup pencarian pengguna" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter 
for user lookups" + msgstr "Filter pencarian pengguna" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass untuk pengguna" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Atribut Nama pengguna" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Atribut UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Atribut GID Primer" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Atribut GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Atribut direktori Home" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Atribut Shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Atribut utama pengguna (untuk Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nama Lengkap" + +-#: 
src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Atribut memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Atribut waktu modifikasi" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + 
msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: 
src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: 
src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as 
object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 
+ msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell default, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/it.po b/po/it.po +index d01ff1b41..6de4012ac 100644 +--- a/po/it.po ++++ b/po/it.po +@@ -9,7 +9,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2019-03-06 08:57+0000\n" + "Last-Translator: Milo Casagrande \n" + "Language-Team: Italian (http://www.transifex.com/projects/p/sssd/language/" +@@ -709,7 +709,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtro LDAP per determinare i privilegi di accesso" + +@@ -780,738 +780,747 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server 
address" + msgstr "Indirizzo del server Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Realm Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Timeout di autenticazione" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Directory in cui salvare le credenziali" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Percorso della cache delle credenziali utente" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Percorso del keytab per la validazione delle credenziali" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Abilita la validazione delle credenziali" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: 
src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Intervallo di tempo tra due controlli di rinnovo" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Abilita FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Server dove viene eseguito il servizio di cambio password, se non nel KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, l'indirizzo del server LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Il base DN predefinito" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the 
LDAP server, rfc2307" + msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Il bind DN predefinito" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Il tipo di token di autenticazione del bind DN predefinito" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Il token di autenticazione del bind DN predefinito" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Durata del tentativo di connessione" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Durata tra tentativi di riconnessione quando offline" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Usare solo maiuscole per i nomi dei realm" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "File contenente i certificati CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate 
directory" + msgstr "Percorso della directory dei cerficati della CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "File contenente il certificato client" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "File contenente la chiave client" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lista delle possibili cipher suite" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Richiedere la verifica del certificato TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Specificare il meccanismo sasl da usare" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Specificare l'id di autorizzazione sasl da usare" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Specificare l'id di autorizzazione sasl da usare" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Keytab del servizio Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid 
"Use Kerberos auth for LDAP connection" + msgstr "Usare autorizzazione Kerberos per la connessione LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Seguire i referral LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Metodo di deferenziazione degli alias" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: 
src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Durata attesa per le richieste di ricerca" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Durata tra gli aggiornamenti alle enumeration" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Intervallo di tempo per la pulizia cache" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Richiedere TLS per gli ID lookup" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Base DN per i lookup utente" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Ambito di applicazione dei lookup utente" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtro per i lookup utente" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass per gli utenti" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username 
attribute" + msgstr "Attributo del nome utente" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Attributo UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Attributo del GID primario" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Attributo GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Attributo della home directory" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Attributo della shell" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Attributo user principal (per Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nome completo" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Attributo memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Attributo 
data di modifica" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: 
src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 
++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: 
src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use 
Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Politica per controllare la scadenza della password" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid 
"Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Lista separata da virgola degli utenti abilitati" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Lista separata da virgola degli utenti non abilitati" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell predefinita, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Base delle home directory" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Il nome della libreria NSS da usare" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Stack PAM da usare" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." 
+ msgstr "" + +diff --git a/po/ja.po b/po/ja.po +index 9056f7385..856cce635 100644 +--- a/po/ja.po ++++ b/po/ja.po +@@ -6,13 +6,14 @@ + # Tomoyuki KATO , 2012-2013 + # Noriko Mizumoto , 2016. #zanata + # Keiko Moriguchi , 2019. #zanata ++# Ludek Janda , 2020. #zanata + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" +-"PO-Revision-Date: 2019-10-07 11:46+0000\n" +-"Last-Translator: Keiko Moriguchi \n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" ++"PO-Revision-Date: 2020-01-14 01:48+0000\n" ++"Last-Translator: Copied by Zanata \n" + "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/" + "ja/)\n" + "Language: ja\n" +@@ -96,7 +97,7 @@ msgid "" + "files." + msgstr "" + "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ" +-"クトリです。" ++"クトリーです。" + + #: src/config/SSSDConfig/__init__.py.in:63 + msgid "Domain to add to names without a domain component." 
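Review bot: In the po/ja.po header hunk (@@ -6,13 +6,14 @@), `Last-Translator` changes from a named translator to "Copied by Zanata", so the field no longer identifies a person even though the comment block gains a 2020 translator credit. Keep a real name there, or confirm the tooling value is intended. The new `PO-Revision-Date` (2020-01-14) is also earlier than the new `POT-Creation-Date` (2020-02-12), so any msgid added to the template after that revision has not been through translator review; check the new entries in this file for empty or fuzzy msgstr values before shipping.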
+@@ -168,12 +169,12 @@ msgstr "識別プロバイダーからのホームディレクトリーの値を + msgid "" + "Substitute empty homedir value from the identity provider with this value" + msgstr "" +-"アイデンティティプロバイダーからの空のホームディレクトリーをこの値で置き換え" +-"ます" ++"アイデンティティープロバイダーからの空のホームディレクトリーをこの値で置き換" ++"えます" + + #: src/config/SSSDConfig/__init__.py.in:82 + msgid "Override shell value from the identity provider with this value" +-msgstr "アイデンティティプロバイダーからのシェル値をこの値で上書きします" ++msgstr "アイデンティティープロバイダーからのシェル値をこの値で上書きします" + + #: src/config/SSSDConfig/__init__.py.in:83 + msgid "The list of shells users are allowed to log in with" +@@ -210,7 +211,7 @@ msgstr "オンラインログイン中にキャッシュによるログインが + + #: src/config/SSSDConfig/__init__.py.in:92 + msgid "How many failed logins attempts are allowed when offline" +-msgstr "オフラインのときに許容されるログイン試行失敗回数" ++msgstr "オフラインの時に許容されるログイン試行失敗回数" + + #: src/config/SSSDConfig/__init__.py.in:93 + msgid "" +@@ -311,13 +312,14 @@ msgstr "信頼された CA 証明書のストレージへのパス" + + #: src/config/SSSDConfig/__init__.py.in:122 + msgid "Allow to generate ssh-keys from certificates" +-msgstr "" ++msgstr "証明書からの ssh-key の生成を許可します" + + #: src/config/SSSDConfig/__init__.py.in:123 + msgid "" + "Use the following matching rules to filter the certificates for ssh-key " + "generation" + msgstr "" ++"以下の一致するルールを使用して、ssh-key 生成用の証明書をフィルタリングします" + + #: src/config/SSSDConfig/__init__.py.in:126 + msgid "List of UIDs or user names allowed to access the PAC responder" +@@ -419,11 +421,11 @@ msgstr "クライアントの証明書を含むファイルへのパス" + + #: src/config/SSSDConfig/__init__.py.in:152 + msgid "Path to file containing client's private key" +-msgstr "クライアントのプライベートキーを含むファイルへのパス" ++msgstr "クライアントの秘密鍵を含むファイルへのパス" + + #: src/config/SSSDConfig/__init__.py.in:155 + msgid "Identity provider" +-msgstr "アイデンティティプロバイダー" ++msgstr "アイデンティティープロバイダー" + + #: src/config/SSSDConfig/__init__.py.in:156 + msgid "Authentication provider" +@@ -475,7 +477,7 @@ msgstr "すべてのユーザー・グループの列挙を有効にする" + + #: src/config/SSSDConfig/__init__.py.in:170 + msgid "Cache credentials for offline login" 
+-msgstr "オフラインログインのためにクレディンシャルをキャッシュする" ++msgstr "オフラインログインのためにクレデンシャルをキャッシュする" + + #: src/config/SSSDConfig/__init__.py.in:171 + msgid "Display users/groups in fully-qualified form" +@@ -498,7 +500,7 @@ msgstr "エントリーキャッシュのタイムアウト長(秒)" + #: src/config/SSSDConfig/__init__.py.in:174 + msgid "" + "Restrict or prefer a specific address family when performing DNS lookups" +-msgstr "DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します" ++msgstr "DNS 検索を実行する時に特定のアドレスファミリーを制限または優先します" + + #: src/config/SSSDConfig/__init__.py.in:175 + msgid "How long to keep cached entries after last successful login (days)" +@@ -518,7 +520,7 @@ msgstr "単一の DNS クエリーの解決を試行する時間 (秒)" + + #: src/config/SSSDConfig/__init__.py.in:178 + msgid "How long to wait for replies from DNS when resolving servers (seconds)" +-msgstr "サーバーを名前解決するときに DNS から応答を待つ時間(秒)" ++msgstr "サーバーを名前解決する時に DNS から応答を待つ時間(秒)" + + #: src/config/SSSDConfig/__init__.py.in:179 + msgid "The domain part of service discovery DNS query" +@@ -561,7 +563,7 @@ msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:194 + msgid "Whether the nsupdate utility should default to using TCP" +-msgstr "nsupdate ユーティリティが標準で TCP を使用するかどうか" ++msgstr "nsupdate ユーティリティーが標準で TCP を使用するかどうか" + + #: src/config/SSSDConfig/__init__.py.in:195 + msgid "What kind of authentication should be used to perform the DNS update" +@@ -632,7 +634,7 @@ msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単 + + #: src/config/SSSDConfig/__init__.py.in:217 + msgid "If set to false, host argument given by PAM will be ignored" +-msgstr "もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます" ++msgstr "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます" + + #: src/config/SSSDConfig/__init__.py.in:218 + msgid "The automounter location this IPA client is using" +@@ -649,7 +651,7 @@ msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索 + #: src/config/SSSDConfig/__init__.py.in:221 + #: src/config/SSSDConfig/__init__.py.in:239 + msgid "Enable DNS sites - location based service discovery" +-msgstr "DNS サイトの有効化 - 位置にサービス探索" ++msgstr "DNS サイトの有効化 - 
位置ベースのサービス検索" + + #: src/config/SSSDConfig/__init__.py.in:222 + msgid "Search base for view containers" +@@ -720,7 +722,7 @@ msgid "Active Directory client hostname" + msgstr "Active Directory クライアントホスト名" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "アクセス権限を決めるための LDAP フィルター" + +@@ -798,209 +800,218 @@ msgstr "マシンアカウントのパスワードの更新が必要となるま + msgid "Option for tuning the machine account renewal task" + msgstr "マシンアカウントの更新タスクをチューニングするオプション" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos サーバーのアドレス" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Kerberos バックアップサーバーのアドレス" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos レルム" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "認証のタイムアウト" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "kdcinfo ファイルを作成するかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "krb5 設定スニペットを削除する場所" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" +-msgstr "クレディンシャルのキャッシュを保存するディレクトリー" ++msgstr "クレデンシャルのキャッシュを保存するディレクトリー" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: 
src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" +-msgstr "ユーザーのクレディンシャルキャッシュの位置" ++msgstr "ユーザーのクレデンシャルキャッシュの位置" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" +-msgstr "クレディンシャルを検証するキーテーブルの場所" ++msgstr "クレデンシャルを検証するキーテーブルの場所" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" +-msgstr "クレディンシャルの検証を有効にする" ++msgstr "クレデンシャルの検証を有効にする" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "更新可能な TGT の有効期間" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "TGT の有効期間" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "更新を確認する間隔" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "FAST を有効にする" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "FAST に使用するプリンシパルを選択する" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "プリンシパル正規化を有効にする" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "エンタープライズ・プリンシパルの有効化" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping 
from user names to Kerberos principal names" + msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, LDAP サーバーの URI" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, LDAP サーバーの URI" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "デフォルトのベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "ユーザーのパスワードの変更にモードを使用しました" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "デフォルトのバインド DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "デフォルトのバインド DN の認証トークンの種類" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "デフォルトのバインド DN の認証トークン" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "接続を試行する時間" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: 
src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "LDAP 同期操作を試行する時間" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "オフラインの間に再接続を試行する時間" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "レルム名に対して大文字のみを使用する" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "CA 証明書を含むファイル" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "CA 証明書のディレクトリーのパス" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "クライアント証明書を含むファイル" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "クライアントの鍵を含むファイル" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "利用可能な暗号の一覧" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "TLS 証明書の検証を要求する" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "使用する SASL メカニズムを指定する" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "使用する SASL 認可 ID を指定する" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr 
"使用する SASL 認可レルムを指定する" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "LDAP SASL 認可の最小 SSF を指定する" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "LDAP SASL 認可の最小 SSF を指定する" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Kerberos サービスのキーテーブル" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "LDAP 接続に対して Kerberos 認証を使用する" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "LDAP リフェラルにしたがう" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "LDAP 接続の TGT の有効期間" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "エイリアスを参照解決する方法" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "DNS サービス検索のサービス名" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" +-msgstr "単一の LDAP 問い合わせにおいて取得するレコード数" ++msgstr "単一の LDAP クエリーにおいて取得するレコード数" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize 
the " + "host name during a SASL bind" +@@ -1008,400 +1019,400 @@ msgstr "" + "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す" + "るかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN 属性" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN 属性" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "LDAP サーバーを切断する前に接続を保持する時間" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "LDAP ページング制御を無効化する" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Active Directory 範囲の取得の無効化" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "検索要求を待つ時間" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "列挙の要求を待つ時間" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "列挙の更新間隔" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "キャッシュをクリーンアップする間隔" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "ID 検索に TLS を要求する" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "事前設定済み 
ID の代わりに objectSID の ID マッピングを使用します" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "ユーザー検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "ユーザー検索の範囲" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "ユーザー検索のフィルター" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "ユーザーのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "ユーザー名の属性" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID の属性" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "プライマリー GID の属性" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS の属性" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" +-msgstr "ホームディレクトリの属性" ++msgstr "ホームディレクトリーの属性" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "シェルの属性" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "UUID 属性" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID 属性" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: 
src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "ID マッピングの Active Directory プライマリーグループ属性" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "ユーザープリンシパルの属性(Kerberos 用)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "氏名" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "memberOf 属性" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "変更日時の属性" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "shadowLastChange 属性" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin 属性" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax 属性" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning 属性" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive 属性" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire 属性" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag 属性" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr 
"認可された PAM サービスを一覧化する属性" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "認可されたサーバーホストを一覧化する属性" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "認可されたサーバー rhosts を一覧化する属性" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "krbLastPwdChange 属性" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration 属性" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "サーバー側パスワードポリシーが有効であることを意味する属性" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "AD の accountExpires 属性" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "AD の userAccountControl 属性" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "nsAccountLock 属性" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "NDS の loginDisabled 属性" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "NDS の loginExpirationTime 属性" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "NDS の loginAllowedTimeMap 属性" + +-#: 
src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "SSH 公開鍵の属性" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "ユーザー用に許可された認証タイプを一覧化する属性" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "ユーザーの X509 証明書を含む属性" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "ユーザーの電子メールアドレスを含む属性" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "グループ検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "グループのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "グループ名" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "グループのパスワード" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "GID 属性" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "グループメンバー属性" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "グループ UUID 属性" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: 
src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "グループの変更日時の属性" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "グループおよび他のフラグのタイプ" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "LDAP グループの外部メンバーの属性" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "SSSD が従う最大ネストレベル" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "ネットグループ検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "ネットグループのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "ネットグループ名" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "ネットグループメンバーの属性" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "ネットグループの三つ組の属性" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "ネットグループの変更日時の属性" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "サービス検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "サービスのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name 
attribute" + msgstr "サービス名の属性" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "サービスポートの属性" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "サービスプロトコルの属性" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "ID マッピングの下限" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "ID マッピングの上限" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "ID マッピングするとき、各スライスに対する ID の数" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "ID マッピングに対するデフォルトドメインの名前" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "ID マッピングに対するデフォルトドメインの SID" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "セカンダリースライスの数" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Token-Group を使うかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "LDAP サーバーから許可される ID の下限の設定" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: 
src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "LDAP サーバーから許可される ID の上限の設定" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "ppolicy クエリーの DN" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "ワイルドカードの要求の間に取得する最大エントリーの数" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "パスワード失効の評価のポリシー" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "どのルールがアクセス制御を評価するために使用されるか" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "パスワードの変更が許可される LDAP サーバーの URI" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "LDAP パスワードの変更サーバーの DNS サービス名" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか" + +-#: 
src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "sudo ルール検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "自動的な完全更新間隔" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "自動的なスマート更新間隔" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどう" + "か" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1409,134 +1420,134 @@ msgstr "" + "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン" + "名" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネット" + "ワーク" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "ホスト属性に正規表現を含むルールを含めるかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "sudo ルールのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" 
+-msgstr "" ++msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "sudo ルール名" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "sudo ルールのコマンドの属性" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "sudo ルールのホストの属性" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "sudo ルールのユーザーの属性" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "sudo ルールのオプションの属性" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "sudo ルールの runas の属性" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "sudo ルールの runasuser の属性" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "sudo ルールの runasgroup の属性" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "sudo ルールの notbefore の属性" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "sudo ルールの notafter の属性" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "sudo ルールの order の属性" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "automounter 
マップのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "オートマウントのマップ名の属性" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "automounter マップエントリーのオブジェクトクラス" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" +-msgstr "automounter マップエントリーのキー属性" ++msgstr "automounter マップエントリーの鍵属性" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "automounter マップエントリーの値属性" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "automonter のマップ検索のベース DN" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "許可ユーザーのカンマ区切り一覧" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "禁止ユーザーのカンマ区切り一覧" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "デフォルトのシェル, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "ホームディレクトリーのベース" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." 
+-msgstr "事前にフォークされた子プロキシの数" ++msgstr "事前にフォークされた子プロキシーの数。" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "使用する NSS ライブラリーの名前" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "使用する PAM スタック" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "passwd ファイルソースへのパス" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "グループファイルソースへのパス" + +@@ -1642,7 +1653,7 @@ msgstr "公開ソケットの所有者またはパーミッションが誤って + + #: src/sss_client/common.c:1085 + msgid "Unexpected format of the server credential message." +-msgstr "サーバーのクレディンシャルメッセージの予期しない形式です。" ++msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。" + + #: src/sss_client/common.c:1088 + msgid "SSSD is not run by root." +@@ -1683,7 +1694,7 @@ msgstr "root によるパスワードのリセットはサポートされませ + + #: src/sss_client/pam_sss.c:526 + msgid "Authenticated with cached credentials" +-msgstr "キャッシュされているクレディンシャルを用いて認証されました" ++msgstr "キャッシュされているクレデンシャルを用いて認証されました" + + #: src/sss_client/pam_sss.c:527 + msgid ", your cached password will expire at: " +@@ -1717,7 +1728,7 @@ msgstr "" + + #: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789 + msgid "Password change failed. 
" +-msgstr "パスワードの変更に失敗しました。 " ++msgstr "パスワードの変更に失敗しました。" + + #: src/sss_client/pam_sss.c:2008 + msgid "New Password: " +@@ -1737,7 +1748,7 @@ msgstr "2 番目の要素 (オプション): " + + #: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346 + msgid "Second Factor: " +-msgstr "2 番目の要素: " ++msgstr "2 番目の要素: " + + #: src/sss_client/pam_sss.c:2190 + msgid "Password: " +@@ -2055,17 +2066,17 @@ msgstr "マジックプライベート " + #: src/tools/sss_groupshow.c:615 + #, c-format + msgid "%1$s%2$sGroup: %3$s\n" +-msgstr "%1$s%2$s グループ: %3$s\n" ++msgstr "%1$s%2$sGroup: %3$s\n" + + #: src/tools/sss_groupshow.c:618 + #, c-format + msgid "%1$sGID number: %2$d\n" +-msgstr "%1$s GID 番号: %2$d\n" ++msgstr "%1$sGID 番号: %2$d\n" + + #: src/tools/sss_groupshow.c:620 + #, c-format + msgid "%1$sMember users: " +-msgstr "%1$s メンバーユーザー: " ++msgstr "%1$sMember ユーザー: " + + #: src/tools/sss_groupshow.c:627 + #, c-format +@@ -2074,7 +2085,7 @@ msgid "" + "%1$sIs a member of: " + msgstr "" + "\n" +-"%1$s は次のメンバー: " ++"%1$sIs は次のメンバー: " + + #: src/tools/sss_groupshow.c:634 + #, c-format +@@ -2083,7 +2094,7 @@ msgid "" + "%1$sMember groups: " + msgstr "" + "\n" +-"%1$s メンバーグループ: " ++"%1$sMember グループ: " + + #: src/tools/sss_groupshow.c:670 + msgid "Print indirect group members recursively" +@@ -2138,7 +2149,7 @@ msgstr "SELinux ログインコンテキストをリセットできません\n" + #, c-format + msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" + msgstr "" +-"警告: ユーザー (uid %1$lu) が削除されたときにまだログインしていました。\n" ++"警告: ユーザー (uid %1$lu) が削除された時にまだログインしていました。\n" + + #: src/tools/sss_userdel.c:278 + msgid "Cannot determine if the user was logged in on this platform" +@@ -2463,14 +2474,14 @@ msgid "Search by group ID" + msgstr "グループ ID で検索" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "名前 %s を構文解析できません。\n" ++msgstr "%s を開くことに失敗しました\n" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr 
"SSSD ソケットは存在しません。" ++msgstr "ファイル %1$s は存在しません。\n" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2482,24 +2493,23 @@ msgstr "" + #: src/tools/sssctl/sssctl_config.c:85 + #, c-format + msgid "Failed to load configuration configuration from %s.\n" +-msgstr "" ++msgstr "%s からの設定のロードに失敗しました。\n" + + #: src/tools/sssctl/sssctl_config.c:91 + msgid "Error while reading configuration directory.\n" +-msgstr "" ++msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"ファイル %1$s は存在しません。SSSD は、ファイルプロバイダーでデフォルトの設定" +-"を使用します。\n" ++"設定はありません。SSSD は、ファイルプロバイダーでデフォルト設定を使用しま" ++"す。\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +-msgstr "" ++msgstr "バリデーターの実行に失敗しました" + + #: src/tools/sssctl/sssctl_config.c:115 + #, c-format +@@ -2512,14 +2522,14 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "設定のマージ中に生成されたメッセージ: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "設定スニペットファイルを使用: %u\n" ++msgstr "使用された設定スニペットファイル: %zu\n" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format + msgid "Unable to create backup directory [%d]: %s" +-msgstr "バックアップディレクトリー [%d] の作成に失敗: %s" ++msgstr "バックアップディレクトリー [%d] を作成できません: %s" + + #: src/tools/sssctl/sssctl_data.c:95 + msgid "SSSD backup of local data already exists, override?" 
+@@ -2597,7 +2607,7 @@ msgstr "" + #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367 + #: src/tools/sssctl/sssctl_user_checks.c:95 + msgid "Unable to connect to system bus!\n" +-msgstr "システムバスに接続できません!\n" ++msgstr "システムバスに接続できません。\n" + + #: src/tools/sssctl/sssctl_domains.c:167 + msgid "Online" +@@ -2613,9 +2623,8 @@ msgid "Online status: %s\n" + msgstr "オンライン状態: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "アクティブサーバーに関する情報の表示" ++msgstr "このドメインには、アクティブなサーバーはありません。\n" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +@@ -2627,12 +2636,12 @@ msgstr "接続していません" + + #: src/tools/sssctl/sssctl_domains.c:267 + msgid "No servers discovered.\n" +-msgstr "" ++msgstr "サーバーが見つかりません。\n" + + #: src/tools/sssctl/sssctl_domains.c:273 + #, c-format + msgid "Discovered %s servers:\n" +-msgstr "%s サーバーを発見:\n" ++msgstr "%s サーバーが見つかりました:\n" + + #: src/tools/sssctl/sssctl_domains.c:285 + msgid "None so far.\n" +@@ -2648,7 +2657,7 @@ msgstr "アクティブサーバーに関する情報の表示" + + #: src/tools/sssctl/sssctl_domains.c:327 + msgid "Show list of discovered servers" +-msgstr "発見されたサーバーに関する一覧を表示" ++msgstr "見つかったサーバーに関する一覧を表示" + + #: src/tools/sssctl/sssctl_domains.c:333 + msgid "Specify domain name." +@@ -2656,7 +2665,7 @@ msgstr "ドメイン名を指定します。" + + #: src/tools/sssctl/sssctl_domains.c:355 + msgid "Out of memory!\n" +-msgstr "メモリの空き容量がありません。\n" ++msgstr "メモリーの空き容量がありません。\n" + + #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385 + msgid "Unable to get online status\n" +@@ -2692,12 +2701,12 @@ msgstr "ログファイルの切り捨てができません\n" + + #: src/tools/sssctl/sssctl_logs.c:286 + msgid "Out of memory!" 
+-msgstr "メモリの空き容量がありません。" ++msgstr "メモリーの空き容量がありません。" + + #: src/tools/sssctl/sssctl_logs.c:289 + #, c-format + msgid "Archiving log files into %s...\n" +-msgstr "ログファイルを %s へアーカイブ...\n" ++msgstr "ログファイルを %s へアーカイブ中...\n" + + #: src/tools/sssctl/sssctl_logs.c:292 + msgid "Unable to archive log files\n" +@@ -2851,7 +2860,9 @@ msgstr "" + msgid "" + "testing pam_acct_mgmt\n" + "\n" +-msgstr "pam_acct_mgmt のテスト中\n" ++msgstr "" ++"pam_acct_mgmt のテスト中\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:284 + #, c-format +@@ -2883,7 +2894,9 @@ msgstr "" + msgid "" + "testing pam_open_session\n" + "\n" +-msgstr "pam_open_session のテスト中\n" ++msgstr "" ++"pam_open_session のテスト中\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:292 + #, c-format +@@ -2898,7 +2911,9 @@ msgstr "" + msgid "" + "testing pam_close_session\n" + "\n" +-msgstr "pam_close_session のテスト中\n" ++msgstr "" ++"pam_close_session のテスト中\n" ++"\n" + + #: src/tools/sssctl/sssctl_user_checks.c:296 + #, c-format +diff --git a/po/nb.po b/po/nb.po +index 4b616074d..39289bb60 100644 +--- a/po/nb.po ++++ b/po/nb.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:46+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/" +@@ -695,7 +695,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -766,737 +766,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for 
LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Tjeneradresse for Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos-område" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Tidsavbrudd for autentisering" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: 
src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS 
certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to 
trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User 
principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + 
msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: 
src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the 
default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: 
src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/nl.po b/po/nl.po +index 7c9399f67..75a6bc564 100644 +--- a/po/nl.po ++++ b/po/nl.po +@@ -13,7 +13,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:47+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" +@@ -740,7 +740,7 @@ msgid "Active Directory client hostname" + msgstr "Active Directory cliënt hostnaam" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "LDAP-filter om toegangsprivileges mee te bepalen" + +@@ -811,217 +811,226 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos-serveradres" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Kerberos back-up server adres" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberos-rijk" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Authenticatie timeout" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: 
src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Moeten kdcinfo bestanden aangemaakt worden" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Werkmap waar authenticatiegegevens opgeslagen worden" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Locatie van de authenticatiecache van de gebruiker" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Locatie van de keytab om authenticatiegegevens te valideren" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Schakel authenticatiegegevensvalidatie in" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "Sla het wachtwoord op indien offline voor later gebruik bij online " + "authenticatie" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Vernieuwbare levensduur van de TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Levensduur van de TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Tijd tussen twee checks voor vernieuwing" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + 
msgid "Enables FAST" + msgstr "Zet FAST aan" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST " + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Zet hoofdpersoon sanctioneren aan" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Zet enterprise principals aan" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, de URI van de LDAP server" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, De URI van de LDAP server" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "De standaard base DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "De standaard bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Het type authenticatietoken van de standaard bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Het authenticatietoken van de standaard bind DN" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Hoe lang pogen te verbinden" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Hoe lang proberen synchroon LDAP te benaderen" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + "Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens " + "offline zijn" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Gebruik alleen hoofdletters voor gebiedsnamen" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Bestand dat de bekende CA-certificaten bevat" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Pad naar de CA-certificatenmap" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + 
msgstr "Bestand dat het client certificaat bevat" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Bestand dat de client sleutel bevat" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lijst van mogelijke sleutel suites" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Vereis verificatie van het TLS-certificaat" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Specificeer het te gebruiken sasl autorisatiegebied " + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Kerberos service keytab" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Gebruik Kerberos authenticatie 
voor LDAP-connectie" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Volg LDAP-doorverwijzingen" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Levensduur van TGT voor LDAP-connectie" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Hoe moet de alias referentie verwijderd worden" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Service naam voor DNS service opzoeken" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + "Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Het aantal leden van moet ontbreken om een volledige de-referentie te " + "veroorzaken" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1029,382 +1038,382 @@ msgstr "" + "Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te " + "autoriseren tijdens een SASL binding" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN attribuut" + +-#: 
src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het " + "losgekoppeld wordt" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Het LDAP paging besturingselement uitschakelen" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Zet Active Directory bereik opvragen uit" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Tijd om te wachten op een zoekopdracht" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Tijdsduur te wachten voor een opsommingsverzoek" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Tijd om te wachten tussen enumeratie-updates" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Tijdsduur tussen cache opschoningen" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Vereis TLS voor het opzoeken van ID's" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid 
"Base DN for user lookups" + msgstr "Base DN voor het opzoeken van gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Scope voor het opzoeken van gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filter voor het opzoeken van gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass voor gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Username-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Primair GID-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Gebruikersmap-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Shell-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active 
Directory primary group attribute for ID-mapping" + msgstr "Active Directory primaire groep attribuut voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Userprincipal-attribuut (voor Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Volledige naam" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "memberOf-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Modification time-attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "shadowLastChange attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + 
msgid "Attribute listing authorized PAM services" + msgstr "Attribuut voor tonen van geautoriseerde PAM services" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Attribuut dat geautoriseerde server hosts toont" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "krbLastPwdChange attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "accountExpires attribuut van AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "userAccountControl attribuut van AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "nsAccountLock attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "loginDisabled attribuut van NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "loginExpirationTime attribuut van NDS" + +-#: 
src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "loginAllowedTimeMap attribuut van NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "SSH publieke sleutel attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Basis DN voor groep opzoeken" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Objectklasse voor groepen" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Groepsnaam" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Groep wachtwoord" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "GID attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Groep deelnemer attribuut" + +-#: 
src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Verandertijd attribuut voor groepen" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Basis DN voor netgroep opzoeken" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Objectklasse voor netgroepen" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Netgroep naam" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Netgroep leden attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Netgroep triple attibuut" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Verandertijd attribuut voor netgroepen" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Basis DN voor service lookups" + +-#: 
src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Objectclass voor services" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Service naam attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Service port attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Service protocol attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Ondergrens voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Bovengrens voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Aantal ID's voor elk segment bij ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Naam van het standaard domein voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID van het standaard domein voor ID-mapping" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Policy om wacthwoordverloop mee te evalueren" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Welke attributen worden gebruikt voor evaluatie als het account verlopen is" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + "Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + "URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a 
backup LDAP server where password changes are allowed" + msgstr "" + "URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "DNS service naam voor LDAP wachtwoord verander server" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1412,23 +1421,23 @@ msgstr "" + "Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een " + "wachtwoordwijziging" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Basis DN voor sudo regels lookups" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Automatische volledige ververs periode" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Automatische slimme ververs periode" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1436,137 +1445,137 @@ msgstr "" + "Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor " + "het filteren van sudo regels" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to 
filter sudo rules" + msgstr "" + "IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo " + "regels" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Moeten regels toegevoegd worden die netgroep bevatten in host attribuut " + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Moeten regels toegevoegd worden die regulaire expressie bevatten in host " + "attribuut " + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objectklasse voor sudo regels" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Sudo regelnaam" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Sudo regel opdracht attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Sudo regel host attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Sudo regel gebruiker attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Sudo regel optie attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Sudo regel runasuser attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Sudo regel runasgroup attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Sudo regel notbefore attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Sudo regel notafter attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Sudo regel volgorde attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Object class voor automounter maps" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Automounter map naam attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Objectklasse voor automounter map ingaven" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Automounter map sleutel ingave attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Automounter map ingavewaarde attribuut" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Basis DN voor automounter kaart 
opzoeken" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Kommagescheiden lijst van toegestane gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Kommagescheiden lijst van geweigerde gebruikers" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Standaard shell, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Basis voor gebruikersmappen" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "De naam van de NSS-bibliotheek die gebruikt wordt" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden " + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "PAM-stack die gebruikt wordt" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." 
+ msgstr "" + +diff --git a/po/pl.po b/po/pl.po +index c5ca94f8e..e52db1707 100644 +--- a/po/pl.po ++++ b/po/pl.po +@@ -14,8 +14,8 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" +-"PO-Revision-Date: 2019-08-26 02:06+0000\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" ++"PO-Revision-Date: 2019-12-02 12:32+0000\n" + "Last-Translator: Piotr Drąg \n" + "Language-Team: Polish (http://www.transifex.com/projects/p/sssd/language/" + "pl/)\n" +@@ -333,13 +333,15 @@ msgstr "Ścieżka do miejsca przechowywania zaufanych certyfikatów CA" + + #: src/config/SSSDConfig/__init__.py.in:122 + msgid "Allow to generate ssh-keys from certificates" +-msgstr "" ++msgstr "Zezwala na tworzenie kluczy SSH z certyfikatów" + + #: src/config/SSSDConfig/__init__.py.in:123 + msgid "" + "Use the following matching rules to filter the certificates for ssh-key " + "generation" + msgstr "" ++"Używa poniższych reguł dopasowania do filtrowania certyfikatów do tworzenia " ++"kluczy SSH" + + #: src/config/SSSDConfig/__init__.py.in:126 + msgid "List of UIDs or user names allowed to access the PAC responder" +@@ -765,7 +767,7 @@ msgid "Active Directory client hostname" + msgstr "Nazwa komputera klienta Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Filtr LDAP do określenia uprawnień dostępu" + +@@ -848,214 +850,223 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "Opcja dostrajania zadania odnawiania konta komputera" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 
+ msgid "Kerberos server address" + msgstr "Adres serwera Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adres zapasowego serwera Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Obszar Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Czas oczekiwania na uwierzytelnienie" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Określa, czy tworzyć pliki kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Gdzie umieścić wstawki konfiguracji krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Włącza sprawdzanie danych uwierzytelniających" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + 
"Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia " + "w trybie online" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Odnawialny czas trwania TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Czas trwania TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Czas między dwoma sprawdzaniami odnowy" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Włącza FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Wybiera naczelnika do użycia dla FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Włącza ujednolicanie naczelnika" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Włącza naczelników enterprise" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "Mapa nazw użytkowników do nazw naczelników Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje " + "się w KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr 
"ldap_uri, adres URI serwera LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, adres URI serwera LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Domyślna podstawowa DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "Tryb używany do zmiany hasła użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Domyślne DN dowiązania" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Token uwierzytelniania domyślnego DN dowiązania" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Czas do próby połączenia" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Czas do próby synchronicznych działań LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Czas między próbami ponownego połączenia w 
trybie offline" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Użycie tylko wielkich znaków w nazwach obszarów" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Plik zawierający certyfikaty CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Ścieżka do katalogu certyfikatów CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Plik zawierający certyfikat klienta" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Plik zawierający klucz klienta" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lista możliwych zestawów szyfrów" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Wymaga sprawdzenia certyfikatu TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Podaje używany mechanizm SASL" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Podaje używany identyfikator upoważnienia SASL" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Podaje obszar upoważnienia SASL do użycia" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: 
src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Tablica kluczy usługi Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Podąża za odsyłaniami LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Czas trwania TGT dla połączenia LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Jak wskazywać aliasy" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Nazwa usługi do wyszukiwań usługi DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "Suma liczb, których musi brakować, aby wywołać pełne „deref”" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + 
"Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1063,381 +1074,381 @@ msgstr "" + "Określa, czy biblioteka LDAP ma wykonywać odwrotne wyszukanie, aby " + "ujednolicić nazwę komputera podczas dowiązania SASL" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "Atrybut entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "Atrybut lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Wyłącza kontrolę stronicowania LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Wyłącza pobieranie zakresu Active Directory" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Czas oczekiwania na żądanie wyszukiwania" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Czas oczekiwania na żądanie wyliczenia" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Czas między aktualizacjami wyliczania" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Czas między czyszczeniem pamięci 
podręcznej" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Wymaga TLS dla wyszukiwania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + "Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych " + "identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Podstawowe DN dla wyszukiwania użytkowników" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Zakres wyszukiwania użytkowników" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtruje wyszukiwania użytkowników" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Klasa obiektów dla użytkowników" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Atrybut nazwy użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Atrybut UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Pierwszy atrybut GID" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Atrybut GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Atrybut katalogu domowego" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: 
src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Atrybut powłoki" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "Atrybut UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "Atrybut objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "Atrybut głównej grupy Active Directory dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Atrybut głównego użytkownika (dla Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Imię i nazwisko" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Atrybut memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Atrybut czasu modyfikacji" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "Atrybut shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "Atrybut shadowMin" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "Atrybut shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr 
"Atrybut shadowWarning" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "Atrybut shadowInactive" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "Atrybut shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "Atrybut shadowFlag" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Atrybut zawierający listę upoważnionych usług PAM" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "Atrybut zawierający listę upoważnionych rhosts serwera" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "Atrybut krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "Atrybut krbPasswordExpiration" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "Atrybut accountExpires AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: 
src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "Atrybut userAccountControl AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "Atrybut nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "Atrybut loginDisabled NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "Atrybut loginExpirationTime NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "Atrybut loginAllowedTimeMap NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Atrybut klucza publicznego SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + "atrybut zawierający listę dozwolonych typów uwierzytelniania dla użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "atrybut zawierający certyfikat X509 użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "atrybut zawierający adres e-mail użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "Lista dodatkowych atrybutów do pobrania razem z wpisem użytkownika" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: 
src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Podstawowe DN dla wyszukiwania grup" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Klasa obiektów dla grup" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Nazwa grupy" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Hasło grupy" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Atrybut GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Atrybut elementu grupy" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "Atrybut UUID grupy" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Atrybut czasu modyfikacji grup" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Typ grupy i inne flagi" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "Atrybut zewnętrznego członka grupy LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej" + +-#: 
src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Klasa obiektów dla grup sieciowych" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nazwa grupy sieciowej" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Atrybut elementów grupy sieciowej" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Potrójny atrybut grupy sieciowej" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Atrybut czasu modyfikacji grup sieciowych" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Podstawowe DN do wyszukiwania usług" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Klasa obiektów dla usług" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Atrybut nazwy usługi" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Atrybut portu usługi" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Atrybut protokołu usługi" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Niższa granica dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper 
bound for ID-mapping" + msgstr "Wyższa granica dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + "Liczba identyfikatorów dla każdego fragmentu podczas mapowania " + "identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Używa algorytmu zgodnego z autorid do mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Nazwa domyślnej domeny dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID domyślnej domeny dla mapowania identyfikatorów" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "Liczba drugorzędnych fragmentów" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Czy używać Token-Groups" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN dla zapytań polityki" + +-#: 
src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "Ile maksymalnie wpisów pobierać podczas żądania z wieloznacznikiem" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Polityka do oszacowania wygaszenia hasła" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "Które atrybuty mają być używane do sprawdzenia, czy konto wygasło" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Które reguły mają być używane do sprawdzania kontroli dostępu" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1445,24 +1456,24 @@ msgstr "" + "Określa, czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie " + "hasła" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: 
src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Podstawowe DN dla wyszukiwań reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Okres między automatycznymi pełnymi odświeżeniami" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Okres między automatycznymi inteligentnymi odświeżeniami" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "Określa, czy filtrować reguły według nazwy komputera, adresów IP i sieci" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1470,138 +1481,138 @@ msgstr "" + "Nazwy komputerów lub w pełni kwalifikowane nazwy domen tego komputera do " + "filtrowania reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Określa, czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Określa, czy zawierać reguły zawierające wyrażenia regularne w atrybucie " + "komputera" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: 
src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Klasa obiektów dla reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" +-msgstr "" ++msgstr "Nazwa atrybutu używanego jako klasa obiektów dla reguł sudo" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Nazwa reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Atrybut polecenia reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Atrybut komputera reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Atrybut użytkownika reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Atrybut opcji reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Atrybut runas reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Atrybut runasuser reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Atrybut runasgroup reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Atrybut notbefore reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid 
"Sudo rule notafter attribute" + msgstr "Atrybut notafter reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Atrybut kolejności reguły sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Klasa obiektów dla map automountera" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Atrybut nazwy mapy automountera" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Klasa obiektów dla wpisów map automountera" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Atrybut klucza wpisu mapy automountera" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Atrybut wartości wpisu mapy automountera" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Podstawowe DN dla wyszukiwań map automountera" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Lista zabronionych użytkowników oddzielonych przecinkami" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Domyślna powłoka, /bin/bash" + +-#: 
src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Podstawa katalogów domowych" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "Liczba elementów potomnych pośrednika przed rozwidleniem." + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Nazwa używanej biblioteki NSS" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + "Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli " + "to możliwe" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Używany stos PAM" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "Ścieżka źródeł pliku „passwd”." + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "Ścieżka źródeł pliku „group”." + +@@ -2533,14 +2544,14 @@ msgid "Search by group ID" + msgstr "Wyszukuje według identyfikatorów grup" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "Nie można przetworzyć nazwy %s.\n" ++msgstr "Otwarcie %s się nie powiodło\n" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "Gniazdo SSSD nie istnieje." 
++msgstr "Plik %1$s nie istnieje.\n" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2552,24 +2563,23 @@ msgstr "" + #: src/tools/sssctl/sssctl_config.c:85 + #, c-format + msgid "Failed to load configuration configuration from %s.\n" +-msgstr "" ++msgstr "Wczytanie konfiguracji z %s się nie powiodło.\n" + + #: src/tools/sssctl/sssctl_config.c:91 + msgid "Error while reading configuration directory.\n" +-msgstr "" ++msgstr "Błąd podczas odczytywania katalogu konfiguracji.\n" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"Plik %1$s nie istnieje. Usługa SSSD użyje domyślnej konfiguracji z dostawcą " ++"Nie ma konfiguracji. Usługa SSSD użyje domyślnej konfiguracji z dostawcą " + "plików.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +-msgstr "" ++msgstr "Uruchomienie programów sprawdzających poprawność się nie powiodło" + + #: src/tools/sssctl/sssctl_config.c:115 + #, c-format +@@ -2582,9 +2592,9 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "Komunikaty utworzone podczas łączenia konfiguracji: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "Użyte pliki wstawek konfiguracji: %u\n" ++msgstr "Użyte pliki wstawek konfiguracji: %zu\n" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format +@@ -2681,9 +2691,8 @@ msgid "Online status: %s\n" + msgstr "Stan online: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "Wyświetla informacje o aktywnym serwerze" ++msgstr "Ta domena nie ma aktywnych serwerów.\n" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +@@ -2695,7 +2704,7 @@ msgstr "nie połączono" + + #: src/tools/sssctl/sssctl_domains.c:267 + msgid "No servers discovered.\n" +-msgstr "" 
++msgstr "Nie wykryto żadnych serwerów.\n" + + #: src/tools/sssctl/sssctl_domains.c:273 + #, c-format +diff --git a/po/pt.po b/po/pt.po +index 6f983d38a..de61e356f 100644 +--- a/po/pt.po ++++ b/po/pt.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:47+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" +@@ -703,7 +703,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -774,739 +774,748 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Endereço do servidor Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Reino Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Tempo de expiração da autenticação" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 
++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Directório para armazenar as caches de credenciais" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Localização da cache de credenciais dos utilizadores" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Localização da tabela de chaves (keytab) para validar credenciais" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Activar validação de credenciais" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Servidor onde está em execução o serviço de alteração de senha, se não " + "coincide com o KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, O URI do servidor LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "A base DN por omissão" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "O DN por omissão para a ligação" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "O tipo de token de autenticação do bind DN por omissão" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: 
src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "O token de autenticação do bind DN por omissão" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Período de tempo para tentar ligação" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Tempo de espera para tentar operações LDAP síncronas" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Tempo de espera entre tentativas para re-conectar quando desligado" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Ficheiro que contêm os certificados CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Caminho para o directório do certificado CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Obriga a verificação de certificados TLS" + 
+-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Especificar mecanismo sasl a utilizar" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Especifique o id sasl para utilizar na autorização" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Especifique o id sasl para utilizar na autorização" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Separador chave do serviço Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Utilizar autenticação Kerberos para ligações LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Seguir os referrals LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The 
number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Tempo de espera por um pedido de pesquisa" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Período de tempo entre enumeração de actualizações" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Requer TLS para consultas de ID" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "DN base para pesquisa de utilizadores" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Âmbito das pesquisas do utilizador" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filtro para as pesquisas do utilizador" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass para utilizadores" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Atributo do nome do utilizador" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Atributo UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Atributo GID primário" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Atributo GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Atributo da pasta pessoal" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Atributo da Shell" + +-#: 
src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Atributo principal do utilizador (para Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Nome Completo" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Atributo memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Atributo da alteração da data" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid 
"shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of 
NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 
++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password 
expiration" + msgstr "Politica para avaliar a expiração da senha" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup 
attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Lista de utilizadores autorizados separados por vírgulas" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Lista de utilizadores não autorizados separados por vírgulas" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Shell pré-definida, /bin/bash" + +-#: 
src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Directório base para as pastas pessoais" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "O nome da biblioteca NSS a utilizar" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Stack PAM a utilizar" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." 
+ msgstr "" + +diff --git a/po/pt_BR.po b/po/pt_BR.po +index dc03ba658..3a0f0a15a 100644 +--- a/po/pt_BR.po ++++ b/po/pt_BR.po +@@ -3,7 +3,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2015-10-27 08:15+0000\n" + "Last-Translator: Marco Aurélio Krause \n" + "Language-Team: Portuguese (Brazil)\n" +@@ -689,7 +689,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -760,737 +760,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: 
src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: 
src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: 
src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: 
src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active 
Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: 
src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" 
+ +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 
++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + 
msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: 
src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: 
src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: 
src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid 
"Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." 
+ msgstr "" + +diff --git a/po/ru.po b/po/ru.po +index d8e586b20..8af743d55 100644 +--- a/po/ru.po ++++ b/po/ru.po +@@ -9,7 +9,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2016-02-23 10:04+0000\n" + "Last-Translator: Oleksii Levan \n" + "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/" +@@ -720,7 +720,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Фильтр LDAP для определения прав доступа" + +@@ -791,740 +791,749 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Имя сервера Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Область действия Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Тайм-аут проверки подлинности" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where 
to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Каталог для хранения кэшей учётных данных" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Расположения кэша учётных данных пользователей" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Расположение keytab-файла для проверки учётных данных" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Включить проверку учётных данных" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + "При отсутствии соединения сохранить пароль и пройти аутентификацию позже" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 
++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, URI сервера LDAP " + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Base DN по умолчанию" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Bind DN по умолчанию" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Тип маркера проверки подлинности для bind DN по умолчанию" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Маркер проверки 
подлинности для bind DN по умолчанию" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Временной интервал для попытки соединения" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Временной интервал для попытки синхронизации операций LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + "Временной интервал между попытками возобновления соединения в автономного " + "режиме" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Файл содержащий сертификаты CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Путь к каталогу с сертификатами CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Требуется проверка сертификата TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify 
the sasl mechanism to use" + msgstr "Укажите механизм sasl" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Укажите идентификатор авторизации sasl" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Укажите идентификатор авторизации sasl" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Keytab-файл службы Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Следовать ссылкам LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Время жизни TGT для LDAP-соединений" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Временной интервал, в течение которого ожидать поискового запроса" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Временной интервал между обновлениями перечисления" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: 
src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Требовать TLS для запросов ID" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Base DN для поиска" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Глубина поиска" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Фильтр поиска" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objectclass для пользователей" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Атрибут «username»" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Атрибут «UID»" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Атрибут «primary GID»" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Атрибут «GECOS»" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Атрибут домашнего каталога" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Атрибут оболочки" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Атрибут участника-пользователя (для Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Полное имя" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Атрибут memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Атрибут времени изменения" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag 
attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + 
msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 
++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Политика вычисления окончания срока действия пароля" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: 
src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of 
this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule 
notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Разделённый запятыми список разрешённых пользователей" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Разделённый запятыми список запрещённых пользователей" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Оболочка по умолчанию, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Место для домашних каталогов" + +-#: 
src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Имя используемой библиотеки NSS" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Используемый стек PAM" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/sssd.pot b/po/sssd.pot +index 8c0091882..2270e49d6 100644 +--- a/po/sssd.pot ++++ b/po/sssd.pot +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" + "Last-Translator: FULL NAME \n" + "Language-Team: LANGUAGE \n" +@@ -692,7 +692,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -763,737 +763,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: 
src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: 
src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid 
"Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + 
"Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + 
msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + 
msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: 
src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: 
src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as 
object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 
+ msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/sv.po b/po/sv.po +index 646f33eee..243c4e2d9 100644 +--- a/po/sv.po ++++ b/po/sv.po +@@ -11,7 +11,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2019-09-29 04:12+0000\n" + "Last-Translator: Göran Uddeborg \n" + "Language-Team: Swedish (http://www.transifex.com/projects/p/sssd/language/" +@@ -742,7 +742,7 @@ msgid "Active Directory client hostname" + msgstr "Active Directory-klientvärdnamn" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "LDAP-filter för att bestämma åtkomstprivilegier" + +@@ -825,210 +825,219 @@ msgstr "Maximal ålder i dagar innan maskinkontots lösenord skall förnyas" + msgid "Option for tuning the machine account renewal task" + msgstr "Flagga för att trimma maskinkontots förnyelseuppgift" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Adress till Kerberosserver" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Adress till reservserver för Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Kerberosrike" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 
+ msgid "Authentication timeout" + msgstr "Autentiseringstidsgräns" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Huruvida kdcinfo-filer skall skapas" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Var konfigurationssnuttar för krb5 skall läggas" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Katalog att lagra kreditiv-cachar i" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Plats för användarens kreditiv-cache" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Plats för nyckeltabellen för att validera kreditiv" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Aktivera validering av kreditiv" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "Lagra lösenord när ej ansluten för ansluten autentisering senare" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Förnybar livstid för TGT:n" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Livstid för TGT:n" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Tid mellan två kontroller av förnyelse" + +-#: 
src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Aktiverar FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Väljer huvudman att använda för FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Aktivera kanonisk form av huvudman" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Aktiverar företagshuvudmän" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "En översättning från användarnamn till Kerberos huvudmansnamn" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "Server där ändringstjänsten för lösenord kör om inte på KDC:n" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "ldap_uri, URI:n för LDAP-servern" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, URI:n för LDAP-servern" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Standard bas-DN" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Schematypen som används i LDAP-servern, rfc2307" + +-#: 
src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "Läge som används för att ändra användares lösenord" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Standard bindnings-DN" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Typen på autentiserings-token för standard bindnings-DN" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Autentiserings-token för standard bindnings-DN" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Tidslängd att försöka ansluta" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Tidslängd att försöka synkrona LDAP-operationer" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "Tidslängd mellan försök att återansluta vid frånkoppling" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Använd endast versaler för namn på riken" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Fil som innehåller CA-certifikat" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Sökväg till katalogen med CA-certifikat" + +-#: 
src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Fil som innehåller klientcertifikatet" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Fil som innehåller klientnyckeln" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Lista över möjliga chiffersviter" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Kräv TLS-certifikatverifiering" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Ange sasl-mekanismen att använda" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Ange sasl-auktorisering-id att använda" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "Ange sasl-auktoriseringsrike att använda" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "Ange minsta SSF för LDAP-sasl-auktorisering" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "Ange minsta SSF för LDAP-sasl-auktorisering" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Kerberostjänstens nyckeltabell" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP 
connection" + msgstr "Använd Kerberosautentisering för LDAP-anslutningar" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Följer LDAP-hänvisningar" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Livslängd på TGT för LDAP-anslutning" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Hur alias skall derefereras" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Tjänstenamn för uppslagning av DNS-tjänster" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Antalet poster som skall hämtas i en enda LDAP-fråga" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1036,377 +1045,377 @@ msgstr "" + "Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram " + "värdnamnets kanoniska form under en SASL-bindning" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "entryUSN-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "lastUSN-attribut" + +-#: 
src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + "Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Avaktivera flödesstyrningen (paging) av LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Avaktivera Active Directorys intervallhämtande" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Tidslängd att vänta på en sökbegäran" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Tidslängd att vänta på en uppräkningsbegäran" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Tidslängd mellan uppräkningsuppdateringar" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Tidslängd mellan cache-tömningar" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Kräv TLS för ID-uppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "Använd ID-översättning av objectSID istället för förhandssatta ID:n" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr 
"Bas-DN för användaruppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Omfång av användaruppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Filter för användaruppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Objektklass för användare" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Användarnamnsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "UID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Primärt GID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "GECOS-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Hemkatalogattribut" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Skalattribut" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "UUID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "objectSID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + 
msgstr "Primärt gruppattribut i Active Directory för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Användarens huvudmansattribut (för Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Fullständigt namn" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "medlemAv-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Modifieringstidsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "attributet shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "shadowMin-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "shadowMax-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "shadowWarning-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "shadowInactive-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "shadowExpire-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "shadowFlag-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + 
msgstr "Attribut för listning av auktoriserade PAM-tjänster" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Attribut för listning av auktoriserade servervärdar" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "Attribut för listning av auktoriserade server-rhosts" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "attributet krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "krbPasswordExpiration-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "Attribut som indikerar att serversidans lösenordspolicyer är aktiva" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "AD:s attribut accountExpires" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "AD:s attribut userAccountControl" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "attributet nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "NDS attribut loginDisabled" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "NDS attribut loginExpirationTime" + +-#: 
src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "NDS attribut loginAllowedTimeMap" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Attribut för publik SSH-nyckel" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "attribut för listning av tillåtna autentiseringstyper för en användare" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "attribut som innehåller användarens X509-certifikat" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "attribut som innehåller e-postadresser till användaren" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "En lista över extra attribut att hämta tillsammans med användarposten" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Bas-DN för gruppuppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Objektklass för grupper" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Gruppnamn" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Grupplösenord" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid 
"GID attribute" + msgstr "GID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Gruppmedlemsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "Grupp-UUID-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Modifieringstidsattribut för grupper" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Typen av grupp och andra flaggor" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "LDAP-gruppens externa medlemsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "Maximal nästlingsnivå SSSD kommer följa" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Bas-DN för nätgruppuppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Objektklass för nätgrupper" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Nätgruppnamn" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Attribut på nätgruppmedlemmar" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Attribut på nätgruppstripplar" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: 
src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Modifieringstidsattribut för nätgrupper" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Bas-DN för tjänsteuppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Objektklass för tjänster" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Tjänstenamnsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Tjänsteportsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Tjänsteprotokollsattribut" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Undre gräns för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Övre gräns för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "Antal ID:n till varje skiva vid ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "Använd en autorid-kompatibel algoritm för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Standarddomänens namn för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: 
src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "Standarddomänens SID för ID-mappning" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "Antal sekundära skivor" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Huruvida Token-Groups skall användas" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Sätt undre gräns för tillåtna ID:n från LDAP-servern" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Sätt övre gräns för tillåtna ID:n från LDAP-servern" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN för ppolicy-frågor" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "Hur många poster att maximalt hämta i en joker-begäran" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Policy för att utvärdera utgång av lösenord" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "Vilka attribut skall användas för att avgöra om ett konto gått ut" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "Vilka regler skall användas för att avgöra 
åtkomstkontroll" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "URI till en LDAP-server där lösenordsändringar är tillåtna" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "URI till en reserv-LDAP-server där lösenordsändringar är tillåtna" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "DNS-tjänstenamn för LDAP-lösenordsändringsservern" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1414,24 +1423,24 @@ msgstr "" + "Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en " + "ändring av lösenord" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Bas-DN för regeluppslagningar" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Intervall mellan automatisk fullständig omläsning" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Intervall mellan automatisk smart omläsning" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified 
domain names of this machine to filter sudo " + "rules" +@@ -1439,137 +1448,137 @@ msgstr "" + "Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för " + "att filtrera sudo-regler" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera " + "sudo-regler" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + "Huruvida regler som innehåller nätgrupper i värdattribut skall inkluderas" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Huruvida regler som innehåller reguljära uttryck i värdattribut skall " + "inkluderas" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Objektklass för sudo-regler" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Sudo-regelnamn" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Attribut för sudo-regelkommandon" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Attribut för sudo-regelvärd" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" 
+ msgstr "Attribut för sudo-regelanvändare" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Attribut för sudo-regelflaggor" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Sudo-regel-runas-attribut" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "Attribut för sudo-runasuser" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Attribut på runasgroup i sudo-regel" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Attribut för sudo-notbefore-regler" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Attribut för sudo-notafter-regler" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Attribut för sudo-order-regler" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Objektklass för avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Attribut för namn i avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Objektklass för poster i avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter 
map entry key attribute" + msgstr "Attribut för postnycklar i avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Attribut på postvärde i avbildning för automatmonteraren" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "Bas-DN för uppslagningar i avbildningar för automatmonterare" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Kommaseparerad lista över tillåtna användare" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Kommaseparerad lista över förbjudna användare" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Standardskal, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Bas för hemkataloger" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." 
+ msgstr "Antal ombudsbarn före grening" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Namnet på NSS-biblioteket att använda" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "PAM-stack att använda" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "Sökväg till lösenordsfilkällor." + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "Sökväg till gruppfilkällor." + +@@ -2494,14 +2503,14 @@ msgid "Search by group ID" + msgstr "Sök via grupp-ID" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "Kan inte tolka namnet %s.\n" ++msgstr "" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "SSSD-uttaget finns inte." ++msgstr "" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2520,13 +2529,10 @@ msgid "Error while reading configuration directory.\n" + msgstr "" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"Filen %1$s finns inte. 
SSSD kommer använda standardkonfigurationen med " +-"filleverantörer.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +@@ -2543,9 +2549,9 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "Meddelanden genererade under sammanslagning av konfigurationen: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "Använda konfigurationssnuttfiler: %u\n" ++msgstr "" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format +@@ -2641,9 +2647,8 @@ msgid "Online status: %s\n" + msgstr "Uppkopplingsstatus: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "Visa information om aktiv server" ++msgstr "" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +diff --git a/po/tg.po b/po/tg.po +index 5009cf304..70e00714a 100644 +--- a/po/tg.po ++++ b/po/tg.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:48+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" +@@ -694,7 +694,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -765,737 +765,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: 
src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two 
checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: 
src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" 
+ +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a 
reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: 
src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + 
msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: 
src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Номи гурӯҳ" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Пароли гурӯҳ" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Аттрибути GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: 
src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: 
src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as 
object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 
+ msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/tr.po b/po/tr.po +index f05e7dca8..a4ba1533f 100644 +--- a/po/tr.po ++++ b/po/tr.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:49+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Turkish (http://www.transifex.com/projects/p/sssd/language/" +@@ -695,7 +695,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -766,737 +766,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos sunucu adresi" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: 
src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + 
msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between 
attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: 
src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: 
src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid 
"loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid 
"Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy 
queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter 
rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + 
+-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: 
src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." 
+ msgstr "" + +diff --git a/po/uk.po b/po/uk.po +index 098e0d472..3e73effbc 100644 +--- a/po/uk.po ++++ b/po/uk.po +@@ -14,8 +14,8 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" +-"PO-Revision-Date: 2019-08-16 05:48+0000\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" ++"PO-Revision-Date: 2019-12-02 08:43+0000\n" + "Last-Translator: Yuri Chornoivan \n" + "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/" + "uk/)\n" +@@ -345,13 +345,15 @@ msgstr "Шлях до сховища надійних сертифікатів + + #: src/config/SSSDConfig/__init__.py.in:122 + msgid "Allow to generate ssh-keys from certificates" +-msgstr "" ++msgstr "Дозволити створення ключів SSH з сертифікатів" + + #: src/config/SSSDConfig/__init__.py.in:123 + msgid "" + "Use the following matching rules to filter the certificates for ssh-key " + "generation" + msgstr "" ++"Використати вказані нижче відповідні правила для фільтрування сертифікатів " ++"для створення ключів SSH" + + #: src/config/SSSDConfig/__init__.py.in:126 + msgid "List of UIDs or user names allowed to access the PAC responder" +@@ -788,7 +790,7 @@ msgid "Active Directory client hostname" + msgstr "Назва клієнтського вузла Active Directory" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "Фільтр LDAP для визначення прав доступу" + +@@ -875,216 +877,226 @@ msgid "Option for tuning the machine account renewal task" + msgstr "" + "Параметр налаштовування завдання оновлення облікових записів комп’ютерів" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: 
src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Адреса сервера Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "Адреса резервного сервера Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "Область Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "Час очікування на розпізнавання" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "Визначає, чи слід створювати файли kdcinfo" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "Місце, куди слід скидати фрагменти налаштувань krb5" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "Каталог, де зберігатиметься кеш реєстраційних даних" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "Адреса кешу реєстраційних даних користувача" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "Адреса таблиці ключів для перевірки реєстраційних даних" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "Увімкнути перевірку реєстраційних даних" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "Зберігати пароль у 
автономному режимі для розпізнавання у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "Поновлюваний строк дії TGT" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "Строк дії TGT" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "Граничний час між двома перевірками для поновлення" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "Вмикає FAST" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "Визначає реєстраційний запис, який слід використовувати для FAST" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "Вмикає перетворення реєстраційних записів у канонічну форму" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "Увімкнути промислові реєстраційні дані" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "Прив’язка імен користувачів до основних імен Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться " + "виявити у KDC" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the 
LDAP server" + msgstr "ldap_uri, адреса URI сервера LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "ldap_backup_uri, адреса сервера LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "Типова базова назва домену" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "Тип схеми, використаний на сервері LDAP, rfc2307" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "Режим для зміни пароля користувача" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "Типова назва домену прив’язки" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "Тип розпізнавання для типової назви сервера прив’язки" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "Лексема розпізнавання типової назви сервера прив’язки" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "Проміжок часу між спробами встановлення з’єднання" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to 
reconnect while offline" + msgstr "" + "Проміжок часу між повторними спробами встановлення з’єднання у автономному " + "режимі" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "Використовувати для назв областей лише великі літери" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "Файл, що містить сертифікати CA" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "Шлях до каталогу сертифікатів CA" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "Файл, що містить клієнтський сертифікат" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "Файл, що містить клієнтський ключ" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "Показати список можливих інструментів шифрування" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "Потрібна перевірка сертифіката TLS" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "Вкажіть механізм SASL, який слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the 
sasl authorization realm to use" + msgstr "Вкажіть область уповноваження SASL, яку слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + "Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++"Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "Таблиця ключів служби Kerberos" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "Розпізнавання Kerberos для з’єднання LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "Переходити за посиланнями LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "Строк дії TGT для з’єднання LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "Спосіб розіменування псевдонімів" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "Назва служби для пошуків за допомогою служби DNS" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + 
msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + "Кількість учасників, яких має не вистачати для вмикання повного скасування " + "посилань" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" +@@ -1092,390 +1104,390 @@ msgstr "" + "Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою " + "переведення назв вузлів у канонічну форму під час прив’язки до SASL" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "Атрибут entryUSN" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "Атрибут lastUSN" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "Вимкнути контроль сторінок у LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "Вимкнути отримання діапазонів Active Directory" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "Тривалість очікування на дані запиту пошуку" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "Тривалість очікування на дані запиту щодо переліку" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: 
src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "Проміжок часу між оновленнями нумерації" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "Проміжок часу між спорожненнями кешу" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "Вимагати TLS для пошуків ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + "Використовувати відповідності ідентифікаторів objectSID замість попередньо " + "встановлених ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "Базова назва домену для пошуків користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "Діапазон пошуків користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "Фільтр пошуку користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "Клас об’єктів для користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "Атрибут імені користувача" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "Атрибут UID" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "Головний атрибут GID" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: 
src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "Атрибут GECOS" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "Атрибут домашнього каталогу" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "Атрибут оболонки" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "Атрибут UUID" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "Атрибут objectSID" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + "Атрибут основної групи Active Directory для встановлення відповідності " + "ідентифікатора" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "Атрибут реєстраційного запису користувача (для Kerberos)" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "Повне ім'я" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "Атрибут memberOf" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "Атрибут часу зміни" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "Атрибут shadowLastChange" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid 
"shadowMin attribute" + msgstr "Атрибут shadowMin" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "Атрибут shadowMax" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "Атрибут shadowWarning" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "Атрибут shadowInactive" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "Атрибут shadowExpire" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "Атрибут shadowFlag" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "Атрибути зі списком уповноважених служб PAM" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "Атрибути зі списком уповноважених серверних вузлів" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "Атрибути зі списком уповноважених серверних r-вузлів" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "Атрибут krbLastPwdChange" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "Атрибут krbPasswordExpiration" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + 
"Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "Атрибут accountExpires AD" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "Атрибут userAccountControl AD" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "Атрибут nsAccountLock" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "Атрибут loginDisabled NDS" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "Атрибут loginExpirationTime NDS" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "Атрибут loginAllowedTimeMap NDS" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "Атрибут відкритого ключа SSH" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "атрибут зі списком дозволених типів розпізнавання для користувача" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "атрибут, що містить сертифікат X509 користувача" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "атрибут, що містить адресу електронної пошти користувача" + +-#: 
src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + "Список додаткових атрибутів, які слід отримувати разом із записом користувача" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "Базова назва домену для пошуків груп" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "Клас об’єктів для груп" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "Назва групи" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "Пароль групи" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "Атрибут GID" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "Атрибут членства у групі" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "Атрибут UUID групи" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "Атрибут часу зміни для груп" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "Тип групи та інші прапорці" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "Атрибут групи LDAP зовнішнього учасника" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum 
nesting level SSSD will follow" + msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "Базова назва домену для пошуків груп у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "Клас об’єктів для груп у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "Назва мережевої групи" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "Атрибут членства у групах у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "Атрибут трійки груп у мережі" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "Атрибут часу зміни для мережевих груп" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "Базова сервер назв домену для пошуку служб" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "Клас об’єктів для служб" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "Атрибут назви служби" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "Атрибут порту служби" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "Атрибут протоколу служби" + 
+-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "Нижня межа встановлення відповідності ідентифікатора" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "Верхня межа встановлення відповідності ідентифікатора" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + "Кількість ідентифікаторів для кожного зрізу під час встановлення " + "відповідності ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + "Використовувати для встановлення відповідності ідентифікаторів алгоритм, " + "сумісний з autorid" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "Назва типового домену для встановлення відповідності ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "SID типового домену для встановлення відповідності ідентифікаторів" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "Кількість вторинних зрізів" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "Визначає, чи слід використовувати крупи реєстраційних записів" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP" + +-#: 
src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "DN для запитів щодо ppolicy" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + "Максимальна кількість записів для отримання під час обробки запитів із " + "замінниками" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "Правила оцінки завершення строку дії пароля" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + "Атрибути які слід використовувати для визначення чинності облікового запису" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + "Правила, які має бути використано для визначення достатності прав доступу" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "Адреса резервного сервера LDAP, для якої можливі зміни паролів" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change 
server" + msgstr "Назва у службі DNS сервера зміни паролів LDAP" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" +@@ -1483,25 +1495,25 @@ msgstr "" + "Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після " + "зміни пароля" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "Базова назва домену для пошуків правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "Період автоматичного повного оновлення даних" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "Період автоматичного кмітливого оновлення даних" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + "Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та " + "мережами" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" +@@ -1509,141 +1521,141 @@ msgstr "" + "Назви вузлів і/або повні назви у домені для цього комп’ютера для " + "фільтрування списку правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + "Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку " + "правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains 
netgroup in host attribute" + msgstr "" + "Визначає, чи слід включати правила, що містять мережеву групу у атрибуті " + "вузла" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + "Визначає, чи слід включати правила, що містять формальний вираз у атрибуті " + "вузла" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "Клас об’єктів для правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" +-msgstr "" ++msgstr "Назва атрибута, який використано як клас об'єктів для правил sudo" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "Назва правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "Атрибут команди правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "Атрибут вузла правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "Атрибут користувача правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "Атрибут параметрів правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "Атрибут runas правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + 
"Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "Атрибут граничного часу початку дії правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "Атрибут граничного часу завершення дії правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "Атрибут порядку правила sudo" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "Клас об’єктів для карт автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "Атрибут назви карти автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "Клас об’єктів для записів карт автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "Атрибут ключа запису карти автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "Атрибут значення запису карти автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map 
lookups" + msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "Відокремлений комами список дозволених користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "Відокремлений комами список заборонених користувачів" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "Типова оболонка, /bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "Базова адреса домашніх каталогів" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "Кількість попередньо відгалужених дочірніх проксі-записів." + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "Назва бібліотеки NSS, яку слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + "Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це " + "можливо" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "Стек PAM, який слід використовувати" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "Шлях до початкового тексту файла passwd." 
+ +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "Шлях до початкового тексту файла group." + +@@ -2579,14 +2591,14 @@ msgid "Search by group ID" + msgstr "Шукати за ідентифікатором групи" + + #: src/tools/sssctl/sssctl_config.c:70 +-#, fuzzy, c-format ++#, c-format + msgid "Failed to open %s\n" +-msgstr "Не вдалося обробити ім'я %s.\n" ++msgstr "Не вдалося відкрити %s\n" + + #: src/tools/sssctl/sssctl_config.c:75 +-#, fuzzy, c-format ++#, c-format + msgid "File %1$s does not exist.\n" +-msgstr "Сокета SSSD не існує." ++msgstr "Файла %1$s не існує.\n" + + #: src/tools/sssctl/sssctl_config.c:79 + msgid "" +@@ -2598,24 +2610,23 @@ msgstr "" + #: src/tools/sssctl/sssctl_config.c:85 + #, c-format + msgid "Failed to load configuration configuration from %s.\n" +-msgstr "" ++msgstr "Не вдалося завантажити налаштування з %s.\n" + + #: src/tools/sssctl/sssctl_config.c:91 + msgid "Error while reading configuration directory.\n" +-msgstr "" ++msgstr "Помилка під час спроби прочитати каталог налаштувань.\n" + + #: src/tools/sssctl/sssctl_config.c:99 +-#, fuzzy + msgid "" + "There is no configuration. SSSD will use default configuration with files " + "provider.\n" + msgstr "" +-"Файла %1$s не існує. SSSD використовуватиме типові налаштування для модуля " +-"надання даних щодо файлів.\n" ++"Немає налаштувань. 
SSSD використає типові налаштування для засобу надання " ++"файлів.\n" + + #: src/tools/sssctl/sssctl_config.c:111 + msgid "Failed to run validators" +-msgstr "" ++msgstr "Не вдалося запустити засоби перевірки" + + #: src/tools/sssctl/sssctl_config.c:115 + #, c-format +@@ -2628,9 +2639,9 @@ msgid "Messages generated during configuration merging: %zu\n" + msgstr "Повідомлення, створені під час об'єднування налаштувань: %zu\n" + + #: src/tools/sssctl/sssctl_config.c:137 +-#, fuzzy, c-format ++#, c-format + msgid "Used configuration snippet files: %zu\n" +-msgstr "Використані файли фрагментів налаштувань: %u\n" ++msgstr "Використаних файлів фрагментів налаштувань: %zu\n" + + #: src/tools/sssctl/sssctl_data.c:89 + #, c-format +@@ -2730,9 +2741,8 @@ msgid "Online status: %s\n" + msgstr "Стан з'єднання: %s\n" + + #: src/tools/sssctl/sssctl_domains.c:213 +-#, fuzzy + msgid "This domain has no active servers.\n" +-msgstr "Показати дані щодо активного сервера" ++msgstr "У цьому домені немає активних серверів.\n" + + #: src/tools/sssctl/sssctl_domains.c:218 + msgid "Active servers:\n" +@@ -2744,7 +2754,7 @@ msgstr "не з’єднано" + + #: src/tools/sssctl/sssctl_domains.c:267 + msgid "No servers discovered.\n" +-msgstr "" ++msgstr "Не виявлено жодного сервера.\n" + + #: src/tools/sssctl/sssctl_domains.c:273 + #, c-format +diff --git a/po/zh_CN.po b/po/zh_CN.po +index b040b4350..d936fdaa1 100644 +--- a/po/zh_CN.po ++++ b/po/zh_CN.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:50+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" +@@ -695,7 +695,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: 
src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -766,737 +766,745 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos 服务器地址" + +-#: src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "验证超时" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: 
src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid 
"File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid 
"objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + msgid "Full Name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid 
"Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid 
"attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + 
msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 
++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to 
include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 + msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/po/zh_TW.po b/po/zh_TW.po +index 12a6f8a97..f4e3ba1bc 100644 +--- a/po/zh_TW.po ++++ b/po/zh_TW.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +-"POT-Creation-Date: 2019-11-30 22:24+0100\n" ++"POT-Creation-Date: 2020-02-12 23:34+0100\n" + "PO-Revision-Date: 2014-12-14 11:50+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/" +@@ -694,7 +694,7 @@ msgid "Active Directory client hostname" + msgstr "" + + #: src/config/SSSDConfig/__init__.py.in:240 +-#: src/config/SSSDConfig/__init__.py.in:425 ++#: src/config/SSSDConfig/__init__.py.in:427 + msgid "LDAP filter to determine access privileges" + msgstr "" + +@@ -765,737 +765,746 @@ msgstr "" + msgid "Option for tuning the machine account renewal task" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:257 ++#: src/config/SSSDConfig/__init__.py.in:255 ++msgid "Use LDAPS port for LDAP and Global Catalog requests" ++msgstr "" ++ + #: src/config/SSSDConfig/__init__.py.in:258 ++#: src/config/SSSDConfig/__init__.py.in:259 + msgid "Kerberos server address" + msgstr "Kerberos 伺服器位址" + +-#: 
src/config/SSSDConfig/__init__.py.in:259 ++#: src/config/SSSDConfig/__init__.py.in:260 + msgid "Kerberos backup server address" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:260 ++#: src/config/SSSDConfig/__init__.py.in:261 + msgid "Kerberos realm" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:261 ++#: src/config/SSSDConfig/__init__.py.in:262 + msgid "Authentication timeout" + msgstr "認證逾時" + +-#: src/config/SSSDConfig/__init__.py.in:262 ++#: src/config/SSSDConfig/__init__.py.in:263 + msgid "Whether to create kdcinfo files" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:263 ++#: src/config/SSSDConfig/__init__.py.in:264 + msgid "Where to drop krb5 config snippets" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:266 ++#: src/config/SSSDConfig/__init__.py.in:267 + msgid "Directory to store credential caches" + msgstr "儲存憑證快取的目錄" + +-#: src/config/SSSDConfig/__init__.py.in:267 ++#: src/config/SSSDConfig/__init__.py.in:268 + msgid "Location of the user's credential cache" + msgstr "使用者憑證快取的位置" + +-#: src/config/SSSDConfig/__init__.py.in:268 ++#: src/config/SSSDConfig/__init__.py.in:269 + msgid "Location of the keytab to validate credentials" + msgstr "驗證憑證用的金鑰表格位置" + +-#: src/config/SSSDConfig/__init__.py.in:269 ++#: src/config/SSSDConfig/__init__.py.in:270 + msgid "Enable credential validation" + msgstr "啟用憑證驗證" + +-#: src/config/SSSDConfig/__init__.py.in:270 ++#: src/config/SSSDConfig/__init__.py.in:271 + msgid "Store password if offline for later online authentication" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:271 ++#: src/config/SSSDConfig/__init__.py.in:272 + msgid "Renewable lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:272 ++#: src/config/SSSDConfig/__init__.py.in:273 + msgid "Lifetime of the TGT" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:273 ++#: src/config/SSSDConfig/__init__.py.in:274 + msgid "Time between two checks for renewal" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:274 ++#: src/config/SSSDConfig/__init__.py.in:275 + msgid "Enables FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:275 ++#: src/config/SSSDConfig/__init__.py.in:276 + msgid "Selects the principal to use for FAST" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:276 ++#: src/config/SSSDConfig/__init__.py.in:277 + msgid "Enables principal canonicalization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:277 ++#: src/config/SSSDConfig/__init__.py.in:278 + msgid "Enables enterprise principals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:278 ++#: src/config/SSSDConfig/__init__.py.in:279 + msgid "A mapping from user names to Kerberos principal names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:281 + #: src/config/SSSDConfig/__init__.py.in:282 ++#: src/config/SSSDConfig/__init__.py.in:283 + msgid "Server where the change password service is running if not on the KDC" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:285 ++#: src/config/SSSDConfig/__init__.py.in:286 + msgid "ldap_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:286 ++#: src/config/SSSDConfig/__init__.py.in:287 + msgid "ldap_backup_uri, The URI of the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:287 ++#: src/config/SSSDConfig/__init__.py.in:288 + msgid "The default base DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:288 ++#: src/config/SSSDConfig/__init__.py.in:289 + msgid "The Schema Type in use on the LDAP server, rfc2307" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:289 ++#: src/config/SSSDConfig/__init__.py.in:290 + msgid "Mode used to change user password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:290 ++#: src/config/SSSDConfig/__init__.py.in:291 + msgid "The default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:291 ++#: src/config/SSSDConfig/__init__.py.in:292 + msgid "The type of the 
authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:292 ++#: src/config/SSSDConfig/__init__.py.in:293 + msgid "The authentication token of the default bind DN" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:293 ++#: src/config/SSSDConfig/__init__.py.in:294 + msgid "Length of time to attempt connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:294 ++#: src/config/SSSDConfig/__init__.py.in:295 + msgid "Length of time to attempt synchronous LDAP operations" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:295 ++#: src/config/SSSDConfig/__init__.py.in:296 + msgid "Length of time between attempts to reconnect while offline" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:296 ++#: src/config/SSSDConfig/__init__.py.in:297 + msgid "Use only the upper case for realm names" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:297 ++#: src/config/SSSDConfig/__init__.py.in:298 + msgid "File that contains CA certificates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:298 ++#: src/config/SSSDConfig/__init__.py.in:299 + msgid "Path to CA certificate directory" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:299 ++#: src/config/SSSDConfig/__init__.py.in:300 + msgid "File that contains the client certificate" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:300 ++#: src/config/SSSDConfig/__init__.py.in:301 + msgid "File that contains the client key" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:301 ++#: src/config/SSSDConfig/__init__.py.in:302 + msgid "List of possible ciphers suites" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:302 ++#: src/config/SSSDConfig/__init__.py.in:303 + msgid "Require TLS certificate verification" + msgstr "需要 TLS 憑證驗證" + +-#: src/config/SSSDConfig/__init__.py.in:303 ++#: src/config/SSSDConfig/__init__.py.in:304 + msgid "Specify the sasl mechanism to use" + msgstr "指定要使用的 sasl 機制" + +-#: 
src/config/SSSDConfig/__init__.py.in:304 ++#: src/config/SSSDConfig/__init__.py.in:305 + msgid "Specify the sasl authorization id to use" + msgstr "指定要使用的 sasl 認證 id" + +-#: src/config/SSSDConfig/__init__.py.in:305 ++#: src/config/SSSDConfig/__init__.py.in:306 + msgid "Specify the sasl authorization realm to use" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:306 ++#: src/config/SSSDConfig/__init__.py.in:307 + msgid "Specify the minimal SSF for LDAP sasl authorization" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:307 ++#: src/config/SSSDConfig/__init__.py.in:308 ++#, fuzzy ++msgid "Specify the maximal SSF for LDAP sasl authorization" ++msgstr "指定要使用的 sasl 認證 id" ++ ++#: src/config/SSSDConfig/__init__.py.in:309 + msgid "Kerberos service keytab" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:308 ++#: src/config/SSSDConfig/__init__.py.in:310 + msgid "Use Kerberos auth for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:309 ++#: src/config/SSSDConfig/__init__.py.in:311 + msgid "Follow LDAP referrals" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:310 ++#: src/config/SSSDConfig/__init__.py.in:312 + msgid "Lifetime of TGT for LDAP connection" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:311 ++#: src/config/SSSDConfig/__init__.py.in:313 + msgid "How to dereference aliases" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:312 ++#: src/config/SSSDConfig/__init__.py.in:314 + msgid "Service name for DNS service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:313 ++#: src/config/SSSDConfig/__init__.py.in:315 + msgid "The number of records to retrieve in a single LDAP query" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:314 ++#: src/config/SSSDConfig/__init__.py.in:316 + msgid "The number of members that must be missing to trigger a full deref" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:315 ++#: src/config/SSSDConfig/__init__.py.in:317 + msgid "" + "Whether 
the LDAP library should perform a reverse lookup to canonicalize the " + "host name during a SASL bind" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:317 ++#: src/config/SSSDConfig/__init__.py.in:319 + msgid "entryUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:318 ++#: src/config/SSSDConfig/__init__.py.in:320 + msgid "lastUSN attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:320 ++#: src/config/SSSDConfig/__init__.py.in:322 + msgid "How long to retain a connection to the LDAP server before disconnecting" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:322 ++#: src/config/SSSDConfig/__init__.py.in:324 + msgid "Disable the LDAP paging control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:323 ++#: src/config/SSSDConfig/__init__.py.in:325 + msgid "Disable Active Directory range retrieval" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:326 ++#: src/config/SSSDConfig/__init__.py.in:328 + msgid "Length of time to wait for a search request" + msgstr "搜尋請求的等候時間長度" + +-#: src/config/SSSDConfig/__init__.py.in:327 ++#: src/config/SSSDConfig/__init__.py.in:329 + msgid "Length of time to wait for a enumeration request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:328 ++#: src/config/SSSDConfig/__init__.py.in:330 + msgid "Length of time between enumeration updates" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:329 ++#: src/config/SSSDConfig/__init__.py.in:331 + msgid "Length of time between cache cleanups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:330 ++#: src/config/SSSDConfig/__init__.py.in:332 + msgid "Require TLS for ID lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:331 ++#: src/config/SSSDConfig/__init__.py.in:333 + msgid "Use ID-mapping of objectSID instead of pre-set IDs" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:332 ++#: src/config/SSSDConfig/__init__.py.in:334 + msgid "Base DN for user lookups" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:333 ++#: src/config/SSSDConfig/__init__.py.in:335 + msgid "Scope of user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:334 ++#: src/config/SSSDConfig/__init__.py.in:336 + msgid "Filter for user lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:335 ++#: src/config/SSSDConfig/__init__.py.in:337 + msgid "Objectclass for users" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:336 ++#: src/config/SSSDConfig/__init__.py.in:338 + msgid "Username attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:338 ++#: src/config/SSSDConfig/__init__.py.in:340 + msgid "UID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:339 ++#: src/config/SSSDConfig/__init__.py.in:341 + msgid "Primary GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:340 ++#: src/config/SSSDConfig/__init__.py.in:342 + msgid "GECOS attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:341 ++#: src/config/SSSDConfig/__init__.py.in:343 + msgid "Home directory attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:342 ++#: src/config/SSSDConfig/__init__.py.in:344 + msgid "Shell attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:343 ++#: src/config/SSSDConfig/__init__.py.in:345 + msgid "UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:344 +-#: src/config/SSSDConfig/__init__.py.in:386 ++#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:388 + msgid "objectSID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:345 ++#: src/config/SSSDConfig/__init__.py.in:347 + msgid "Active Directory primary group attribute for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:346 ++#: src/config/SSSDConfig/__init__.py.in:348 + msgid "User principal attribute (for Kerberos)" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:347 ++#: src/config/SSSDConfig/__init__.py.in:349 + 
msgid "Full Name" + msgstr "全名" + +-#: src/config/SSSDConfig/__init__.py.in:348 ++#: src/config/SSSDConfig/__init__.py.in:350 + msgid "memberOf attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:349 ++#: src/config/SSSDConfig/__init__.py.in:351 + msgid "Modification time attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:351 ++#: src/config/SSSDConfig/__init__.py.in:353 + msgid "shadowLastChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:352 ++#: src/config/SSSDConfig/__init__.py.in:354 + msgid "shadowMin attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:353 ++#: src/config/SSSDConfig/__init__.py.in:355 + msgid "shadowMax attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:354 ++#: src/config/SSSDConfig/__init__.py.in:356 + msgid "shadowWarning attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:355 ++#: src/config/SSSDConfig/__init__.py.in:357 + msgid "shadowInactive attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:356 ++#: src/config/SSSDConfig/__init__.py.in:358 + msgid "shadowExpire attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:357 ++#: src/config/SSSDConfig/__init__.py.in:359 + msgid "shadowFlag attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:358 ++#: src/config/SSSDConfig/__init__.py.in:360 + msgid "Attribute listing authorized PAM services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:359 ++#: src/config/SSSDConfig/__init__.py.in:361 + msgid "Attribute listing authorized server hosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:360 ++#: src/config/SSSDConfig/__init__.py.in:362 + msgid "Attribute listing authorized server rhosts" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:361 ++#: src/config/SSSDConfig/__init__.py.in:363 + msgid "krbLastPwdChange attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:362 ++#: src/config/SSSDConfig/__init__.py.in:364 + 
msgid "krbPasswordExpiration attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:363 ++#: src/config/SSSDConfig/__init__.py.in:365 + msgid "Attribute indicating that server side password policies are active" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:364 ++#: src/config/SSSDConfig/__init__.py.in:366 + msgid "accountExpires attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:365 ++#: src/config/SSSDConfig/__init__.py.in:367 + msgid "userAccountControl attribute of AD" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:366 ++#: src/config/SSSDConfig/__init__.py.in:368 + msgid "nsAccountLock attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:367 ++#: src/config/SSSDConfig/__init__.py.in:369 + msgid "loginDisabled attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:368 ++#: src/config/SSSDConfig/__init__.py.in:370 + msgid "loginExpirationTime attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:369 ++#: src/config/SSSDConfig/__init__.py.in:371 + msgid "loginAllowedTimeMap attribute of NDS" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:370 ++#: src/config/SSSDConfig/__init__.py.in:372 + msgid "SSH public key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:371 ++#: src/config/SSSDConfig/__init__.py.in:373 + msgid "attribute listing allowed authentication types for a user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:372 ++#: src/config/SSSDConfig/__init__.py.in:374 + msgid "attribute containing the X509 certificate of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:373 ++#: src/config/SSSDConfig/__init__.py.in:375 + msgid "attribute containing the email address of the user" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:375 ++#: src/config/SSSDConfig/__init__.py.in:377 + msgid "A list of extra attributes to download along with the user entry" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:377 ++#: src/config/SSSDConfig/__init__.py.in:379 + msgid "Base DN for group lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:380 ++#: src/config/SSSDConfig/__init__.py.in:382 + msgid "Objectclass for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:381 ++#: src/config/SSSDConfig/__init__.py.in:383 + msgid "Group name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:382 ++#: src/config/SSSDConfig/__init__.py.in:384 + msgid "Group password" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:383 ++#: src/config/SSSDConfig/__init__.py.in:385 + msgid "GID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:384 ++#: src/config/SSSDConfig/__init__.py.in:386 + msgid "Group member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:385 ++#: src/config/SSSDConfig/__init__.py.in:387 + msgid "Group UUID attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:387 ++#: src/config/SSSDConfig/__init__.py.in:389 + msgid "Modification time attribute for groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:388 ++#: src/config/SSSDConfig/__init__.py.in:390 + msgid "Type of the group and other flags" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:389 ++#: src/config/SSSDConfig/__init__.py.in:391 + msgid "The LDAP group external member attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:391 ++#: src/config/SSSDConfig/__init__.py.in:393 + msgid "Maximum nesting level SSSD will follow" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:393 ++#: src/config/SSSDConfig/__init__.py.in:395 + msgid "Base DN for netgroup lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:394 ++#: src/config/SSSDConfig/__init__.py.in:396 + msgid "Objectclass for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:395 ++#: src/config/SSSDConfig/__init__.py.in:397 + msgid "Netgroup name" + msgstr "" + +-#: 
src/config/SSSDConfig/__init__.py.in:396 ++#: src/config/SSSDConfig/__init__.py.in:398 + msgid "Netgroups members attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:397 ++#: src/config/SSSDConfig/__init__.py.in:399 + msgid "Netgroup triple attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:398 ++#: src/config/SSSDConfig/__init__.py.in:400 + msgid "Modification time attribute for netgroups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:400 ++#: src/config/SSSDConfig/__init__.py.in:402 + msgid "Base DN for service lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:401 ++#: src/config/SSSDConfig/__init__.py.in:403 + msgid "Objectclass for services" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:402 ++#: src/config/SSSDConfig/__init__.py.in:404 + msgid "Service name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:403 ++#: src/config/SSSDConfig/__init__.py.in:405 + msgid "Service port attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:404 ++#: src/config/SSSDConfig/__init__.py.in:406 + msgid "Service protocol attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:407 ++#: src/config/SSSDConfig/__init__.py.in:409 + msgid "Lower bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:408 ++#: src/config/SSSDConfig/__init__.py.in:410 + msgid "Upper bound for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:409 ++#: src/config/SSSDConfig/__init__.py.in:411 + msgid "Number of IDs for each slice when ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:410 ++#: src/config/SSSDConfig/__init__.py.in:412 + msgid "Use autorid-compatible algorithm for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:411 ++#: src/config/SSSDConfig/__init__.py.in:413 + msgid "Name of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:412 ++#: 
src/config/SSSDConfig/__init__.py.in:414 + msgid "SID of the default domain for ID-mapping" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:413 ++#: src/config/SSSDConfig/__init__.py.in:415 + msgid "Number of secondary slices" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:415 ++#: src/config/SSSDConfig/__init__.py.in:417 + msgid "Whether to use Token-Groups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:416 ++#: src/config/SSSDConfig/__init__.py.in:418 + msgid "Set lower boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:417 ++#: src/config/SSSDConfig/__init__.py.in:419 + msgid "Set upper boundary for allowed IDs from the LDAP server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:418 ++#: src/config/SSSDConfig/__init__.py.in:420 + msgid "DN for ppolicy queries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:419 ++#: src/config/SSSDConfig/__init__.py.in:421 + msgid "How many maximum entries to fetch during a wildcard request" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:422 ++#: src/config/SSSDConfig/__init__.py.in:424 + msgid "Policy to evaluate the password expiration" + msgstr "評估密碼過期時效的策略" + +-#: src/config/SSSDConfig/__init__.py.in:426 ++#: src/config/SSSDConfig/__init__.py.in:428 + msgid "Which attributes shall be used to evaluate if an account is expired" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:427 ++#: src/config/SSSDConfig/__init__.py.in:429 + msgid "Which rules should be used to evaluate access control" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:430 ++#: src/config/SSSDConfig/__init__.py.in:432 + msgid "URI of an LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:431 ++#: src/config/SSSDConfig/__init__.py.in:433 + msgid "URI of a backup LDAP server where password changes are allowed" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:432 ++#: 
src/config/SSSDConfig/__init__.py.in:434 + msgid "DNS service name for LDAP password change server" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:433 ++#: src/config/SSSDConfig/__init__.py.in:435 + msgid "" + "Whether to update the ldap_user_shadow_last_change attribute after a " + "password change" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:436 ++#: src/config/SSSDConfig/__init__.py.in:438 + msgid "Base DN for sudo rules lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:437 ++#: src/config/SSSDConfig/__init__.py.in:439 + msgid "Automatic full refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:438 ++#: src/config/SSSDConfig/__init__.py.in:440 + msgid "Automatic smart refresh period" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:439 ++#: src/config/SSSDConfig/__init__.py.in:441 + msgid "Whether to filter rules by hostname, IP addresses and network" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:440 ++#: src/config/SSSDConfig/__init__.py.in:442 + msgid "" + "Hostnames and/or fully qualified domain names of this machine to filter sudo " + "rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:441 ++#: src/config/SSSDConfig/__init__.py.in:443 + msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:442 ++#: src/config/SSSDConfig/__init__.py.in:444 + msgid "Whether to include rules that contains netgroup in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:443 ++#: src/config/SSSDConfig/__init__.py.in:445 + msgid "" + "Whether to include rules that contains regular expression in host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:444 ++#: src/config/SSSDConfig/__init__.py.in:446 + msgid "Object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:445 ++#: src/config/SSSDConfig/__init__.py.in:447 + msgid "Name of attribute that is used as 
object class for sudo rules" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:446 ++#: src/config/SSSDConfig/__init__.py.in:448 + msgid "Sudo rule name" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:447 ++#: src/config/SSSDConfig/__init__.py.in:449 + msgid "Sudo rule command attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:448 ++#: src/config/SSSDConfig/__init__.py.in:450 + msgid "Sudo rule host attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:449 ++#: src/config/SSSDConfig/__init__.py.in:451 + msgid "Sudo rule user attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:450 ++#: src/config/SSSDConfig/__init__.py.in:452 + msgid "Sudo rule option attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:451 ++#: src/config/SSSDConfig/__init__.py.in:453 + msgid "Sudo rule runas attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:452 ++#: src/config/SSSDConfig/__init__.py.in:454 + msgid "Sudo rule runasuser attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:453 ++#: src/config/SSSDConfig/__init__.py.in:455 + msgid "Sudo rule runasgroup attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:454 ++#: src/config/SSSDConfig/__init__.py.in:456 + msgid "Sudo rule notbefore attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:455 ++#: src/config/SSSDConfig/__init__.py.in:457 + msgid "Sudo rule notafter attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:456 ++#: src/config/SSSDConfig/__init__.py.in:458 + msgid "Sudo rule order attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:459 ++#: src/config/SSSDConfig/__init__.py.in:461 + msgid "Object class for automounter maps" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:460 ++#: src/config/SSSDConfig/__init__.py.in:462 + msgid "Automounter map name attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:461 ++#: src/config/SSSDConfig/__init__.py.in:463 
+ msgid "Object class for automounter map entries" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:462 ++#: src/config/SSSDConfig/__init__.py.in:464 + msgid "Automounter map entry key attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:463 ++#: src/config/SSSDConfig/__init__.py.in:465 + msgid "Automounter map entry value attribute" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:464 ++#: src/config/SSSDConfig/__init__.py.in:466 + msgid "Base DN for automounter map lookups" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:467 ++#: src/config/SSSDConfig/__init__.py.in:469 + msgid "Comma separated list of allowed users" + msgstr "許可的使用者清單,請使用半形逗號作為分隔" + +-#: src/config/SSSDConfig/__init__.py.in:468 ++#: src/config/SSSDConfig/__init__.py.in:470 + msgid "Comma separated list of prohibited users" + msgstr "被禁止的使用者清單,請使用半形逗號作為分隔" + +-#: src/config/SSSDConfig/__init__.py.in:471 ++#: src/config/SSSDConfig/__init__.py.in:473 + msgid "Default shell, /bin/bash" + msgstr "預設 shell,/bin/bash" + +-#: src/config/SSSDConfig/__init__.py.in:472 ++#: src/config/SSSDConfig/__init__.py.in:474 + msgid "Base for home directories" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:475 ++#: src/config/SSSDConfig/__init__.py.in:477 + msgid "The number of preforked proxy children." + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:478 ++#: src/config/SSSDConfig/__init__.py.in:480 + msgid "The name of the NSS library to use" + msgstr "要使用的 NSS 函式庫名稱" + +-#: src/config/SSSDConfig/__init__.py.in:479 ++#: src/config/SSSDConfig/__init__.py.in:481 + msgid "Whether to look up canonical group name from cache if possible" + msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:482 ++#: src/config/SSSDConfig/__init__.py.in:484 + msgid "PAM stack to use" + msgstr "要使用的 PAM 堆疊" + +-#: src/config/SSSDConfig/__init__.py.in:485 ++#: src/config/SSSDConfig/__init__.py.in:487 + msgid "Path of passwd file sources." 
+ msgstr "" + +-#: src/config/SSSDConfig/__init__.py.in:486 ++#: src/config/SSSDConfig/__init__.py.in:488 + msgid "Path of group file sources." + msgstr "" + +diff --git a/src/man/po/br.po b/src/man/po/br.po +index e6f1d4dc7..414322a17 100644 +--- a/src/man/po/br.po ++++ b/src/man/po/br.po +@@ -6,9 +6,9 @@ + # Fulup , 2012 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-14 11:51+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/" +@@ -300,9 +300,9 @@ msgstr "" + #. type: Content of: + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Dre ziouer : true" +@@ -322,16 +322,16 @@ msgstr "" + #. 
type: Content of: + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -360,7 +360,7 @@ msgstr "" + + #. type: Content of: + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -658,8 +658,8 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -768,10 +768,8 @@ msgstr "" + + #. 
type: Content of: + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Dre zoiuer : 5" ++msgstr "" + + #. type: Content of: + #: sssd.conf.5.xml:512 +@@ -1741,7 +1739,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Dre ziouer : 0" + +@@ -1805,7 +1803,7 @@ msgstr "" + #. type: Content of: + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1870,8 +1868,8 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5040,34 +5038,53 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"ldap_connection_expire_offset" ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"ldap_connection_expire_timeout." ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5075,14 +5092,14 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5090,17 +5107,17 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5110,12 +5127,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5123,17 +5140,30 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5141,7 +5171,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5152,7 +5182,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5161,7 +5191,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "Note: If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5169,26 +5199,26 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "never = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "allow = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5196,7 +5226,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "try = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5204,7 +5234,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "demand = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5212,41 +5242,41 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "hard = Same as demand" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that sssd will recognize." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in /etc/openldap/ldap." + "conf" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5255,32 +5285,32 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See ldap.conf " +@@ -5288,24 +5318,24 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use tls to protect the channel." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5313,17 +5343,17 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5334,24 +5364,24 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5362,12 +5392,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5380,7 +5410,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5392,17 +5422,17 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5410,49 +5440,49 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally /etc/krb5.keytab" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5460,28 +5490,28 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5493,7 +5523,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5501,7 +5531,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named krb5_kdcip in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5509,39 +5539,39 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see /etc/krb5.conf" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5551,7 +5581,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the sssd_krb5_locator_plugin 8 manual page for more " +@@ -5559,26 +5589,26 @@ msgid "" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "none - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "shadow - Use shadow 5 style attributes to " +@@ -5586,7 +5616,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "mit_kerberos - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5594,31 +5624,31 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "Note: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. 
If your setup " +@@ -5627,56 +5657,56 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5692,12 +5722,12 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5706,14 +5736,14 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5722,24 +5752,24 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5747,19 +5777,19 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "shadow: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "ad: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5768,7 +5798,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "rhds, ipa, 389ds: use the value of ldap_ns_account_lock to check if access is " +@@ -5776,7 +5806,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "nds: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5785,7 +5815,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option must include expire in order for the " +@@ -5793,22 +5823,22 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "filter: use ldap_access_filter" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "lockout: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5818,14 +5848,14 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + " Please note that this option is superseded by the ppolicy option and might be removed in a future release. " + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "ppolicy: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5838,12 +5868,12 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "expire: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: These options are useful if users are " +@@ -5853,7 +5883,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5863,63 +5893,63 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "authorized_service: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "host: use the host attribute to determine access" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "rhost: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5928,74 +5958,74 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "never: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "searching: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "finding: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "always: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as never by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6006,7 +6036,7 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6014,24 +6044,24 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. 
type: Content of: +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6048,12 +6078,12 @@ msgid "" + msgstr "" + + #. type: Content of: +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6061,36 +6091,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6098,14 +6128,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6115,101 +6145,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6218,59 +6248,59 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6279,22 +6309,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6303,14 +6333,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6318,7 +6348,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6331,27 +6361,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6367,13 +6397,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7903,7 +7933,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7918,7 +7948,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7933,12 +7963,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7959,12 +7989,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7988,17 +8018,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8006,7 +8036,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8033,7 +8063,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8046,12 +8076,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8070,60 +8100,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. 
In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8237,26 +8267,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9696,9 +9726,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. 
This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9708,19 +9754,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9730,12 +9776,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9743,7 +9789,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9758,7 +9804,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9767,7 +9813,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9775,7 +9821,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9785,7 +9831,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13904,10 +13950,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 64" +-msgstr "Dre ziouer : 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13923,10 +13967,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 65536" +-msgstr "Dre ziouer : 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15429,10 +15471,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "RANNOÙ SERVIJOÙ" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +diff --git a/src/man/po/ca.po b/src/man/po/ca.po +index adf6edf19..e2dfb3ef8 100644 +--- a/src/man/po/ca.po ++++ b/src/man/po/ca.po +@@ -12,9 +12,9 @@ + # Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2015. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2015-10-18 04:13+0000\n" + "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" + "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" +@@ -334,9 +334,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Per defecte: true" +@@ -359,16 +359,16 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Per defecte: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -397,7 +397,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Per defecte: 10" + +@@ -592,10 +592,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (booleà)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -611,21 +609,11 @@ msgstr "try_inotify (booleà)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"L'SSSD monitora l'estat del resolv.conf per identificar quan cal actualitzar " +-"el seu traductor intern de DNS. Per defecte, s'intentarà utilitzar inotify " +-"per a això i recaurà en sondejar el resolv.conf cada cinc segons si no es " +-"pot utilitzar l'inotify." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -735,13 +723,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. 
" +@@ -752,15 +733,10 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Tingueu en compte que si s'estableix aquesta opció per a tots els usuaris " +-"des del domini principal, s'han d'utilitzar el seu FQN, p. ex. usuari@nom." +-"domini, per iniciar la sessió. En establir aquesta opció es canvia el " +-"predeterminat d'use_fully_qualified_names a True. No està permès l'ús " +-"d'aquesta opció juntament amb use_fully_qualified_names establert a False." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -869,10 +845,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Per defecte: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1911,7 +1885,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Per defecte: 0" + +@@ -1975,7 +1949,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Per defecte: none" + +@@ -2040,8 +2014,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Per defecte: False" +@@ -2363,10 +2337,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2387,10 +2359,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Per defecte: sense establir (no se substituiran els espais)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5378,34 +5348,55 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Per defecte: 900 (15 minuts)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (enter)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (enter)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Per defecte: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5413,14 +5404,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5428,17 +5419,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5448,12 +5439,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5461,17 +5452,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (enter)" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5479,7 +5485,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5490,7 +5496,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5499,7 +5505,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5507,12 +5513,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -5522,7 +5528,7 @@ msgstr "" + "valors següents:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5531,7 +5537,7 @@ msgstr "" + "certificat del servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5543,7 +5549,7 @@ msgstr "" + "normalment." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. 
If a bad certificate " +@@ -5554,7 +5560,7 @@ msgstr "" + "proporciona un certificat dolent, immediatament s'acaba la sessió." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5565,22 +5571,22 @@ msgstr "" + "immediatament s'acaba la sessió." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Per defecte: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -5589,7 +5595,7 @@ msgstr "" + "Certificació que reconeixerà l'<command>sssd</command>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." 
+ "conf</filename>" +@@ -5598,12 +5604,12 @@ msgstr "" + "<filename>/etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5617,32 +5623,32 @@ msgstr "" + "correctes." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (cadena)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5650,12 +5656,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -5664,12 +5670,12 @@ msgstr "" + "class=\"protocol\">tls</systemitem> per a protegir el canal." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5677,17 +5683,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5698,24 +5704,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5726,12 +5732,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (cadena)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5744,7 +5750,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5756,17 +5762,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5774,51 +5780,51 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Per defecte: el valor de krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (booleà)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Per defecte: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5." + "keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5826,28 +5832,28 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Per defecte: 86400 (24 hores)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5859,7 +5865,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5870,7 +5876,7 @@ msgstr "" + "retorna a _tcp si no se'n troba cap." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5882,41 +5888,41 @@ msgstr "" + "<quote>krb5_server</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/" + "krb5.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5926,7 +5932,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5934,12 +5940,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -5948,7 +5954,7 @@ msgstr "" + "costat del client. S'admeten els valors següents:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." 
+@@ -5957,7 +5963,7 @@ msgstr "" + "opció no inhabilita les polítiques de contrasenya de servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5965,7 +5971,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5977,25 +5983,25 @@ msgstr "" + "contrasenya." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6004,7 +6010,7 @@ msgstr "" + "quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6013,29 +6019,29 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Especifica el nom de servei per utilitzar quan està habilitada la detecció " + "de serveis." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Per defecte: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (cadena)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6045,30 +6051,30 @@ msgstr "" + "dels serveis." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -6084,12 +6090,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Exemple:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -6098,14 +6104,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -6114,17 +6120,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Per defecte: Buit" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -6133,7 +6139,7 @@ msgstr "" + "d'atributs de control d'accés." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -6145,12 +6151,12 @@ msgstr "" + "contrasenya és correcta." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "S'admeten els valors següents:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -6159,7 +6165,7 @@ msgstr "" + "determinar si el compte ha caducat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -6168,7 +6174,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -6176,7 +6182,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -6185,7 +6191,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -6193,24 +6199,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Llista separada per comes d'opcions de control d'accés. Els valors permesos " + "són:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6220,14 +6226,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6240,12 +6246,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -6255,7 +6261,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -6265,20 +6271,20 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -6287,31 +6293,31 @@ msgstr "" + "authorizedService per determinar l'accés" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Per defecte: filter" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -6320,12 +6326,12 @@ msgstr "" + "s'utilitza més d'una vegada." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -6334,22 +6340,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. 
The " + "following options are allowed:" +@@ -6358,13 +6364,13 @@ msgstr "" + "es fa una cerca. S'admeten les opcions següents:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -6374,7 +6380,7 @@ msgstr "" + "de la cerca." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -6383,7 +6389,7 @@ msgstr "" + "només en localitzar l'objecte base de la cerca." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -6392,7 +6398,7 @@ msgstr "" + "en la recerca i en la localització de l'objecte base de la cerca." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -6401,19 +6407,19 @@ msgstr "" + "biblioteques de client LDAP)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6424,7 +6430,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6432,36 +6438,29 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -6471,20 +6470,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Totes les opcions comunes de configuració que s'apliquen als dominis SSD " +-"també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS " +-"DE DOMINI</quote> de la pàgina de manual de <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry> per a tots els detalls. <placeholder type=\"variablelist\" id=" +-"\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "OPCIONS DE SUDO" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6492,36 +6485,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Per defecte: 21600 (6 hores)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (enter)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6529,14 +6522,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6546,101 +6539,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (cadena)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6649,59 +6642,59 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "OPCIONS D'AUTOFS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Per defecte: auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "OPCIONS AVANÇADES" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (cadena)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6710,22 +6703,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6734,14 +6727,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EXEMPLE" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6752,7 +6745,7 @@ msgstr "" + "replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6765,27 +6758,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6801,13 +6794,13 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTES" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -8451,7 +8444,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (booleà)" + +@@ -8466,7 +8459,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -8481,12 +8474,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (enter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. 
This will override the TTL " +@@ -8507,12 +8500,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8536,17 +8529,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8554,7 +8547,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8581,7 +8574,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (enter)" + +@@ -8594,12 +8587,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8618,60 +8611,60 @@ msgid "Default: False (disabled)" + msgstr "Per defecte: False (inhabilitat)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (booleà)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8785,26 +8778,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "krb5_confd_path (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -10268,9 +10261,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (booleà)" ++ + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -10280,19 +10291,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Per defecte: 3600 (segons)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -10302,12 +10313,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Per defecte: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -10315,7 +10326,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -10339,7 +10350,7 @@ msgstr "" + "ad_domain = exemple.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -10351,7 +10362,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -10359,7 +10370,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -10369,7 +10380,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) 
is used, because these attributes " +@@ -10897,16 +10908,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +-#| "applications will not use the fast in memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les " +-"aplicacions clients no utilitzaran el fast en la memòria cau." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -11998,20 +12003,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> for more information on configuring Kerberos." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"<quote>krb5</quote> per canviar la contrasenya Kerberos. Vegeu " +-"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +-"manvolnum></citerefentry> per a més informació sobre configurar Kerberos." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -14753,26 +14750,12 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the IPA provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA " +-"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-"manvolnum></citerefentry>. Per una referència detallada sintaxi, aneu a la " +-"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual " +-"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-"manvolnum></citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -14801,10 +14784,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (enter)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -14818,10 +14799,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id, max_id (enter)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -14832,17 +14811,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Per defecte: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (enter)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -14853,10 +14828,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Per defecte: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15057,17 +15030,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "user_attributes = +telephoneNumber, -loginShell\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"user_attributes = +telephoneNumber, -loginShell\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +@@ -15336,10 +15304,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -15358,28 +15324,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "Proveïdor de LDAP de l'SSSD" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -15387,12 +15341,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per " +-"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-"manvolnum> </citerefentry>. 
Consulteu la secció <quote>FORMAT DE FITXER</" +-"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</" +-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir " +-"informació detallada de la sintaxi." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -16210,10 +16158,8 @@ msgstr "ldap_group_modify_timestamp (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -16428,10 +16374,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "SECCIONS DELS SERVEIS" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -16665,10 +16609,8 @@ msgstr "Per defecte: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "OPCIONS D'AUTOFS" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -16917,10 +16859,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (enter)" ++msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -18005,9 +17945,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Per defecte: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (enter)" +diff --git a/src/man/po/cs.po b/src/man/po/cs.po +index 4642fe99e..086df21c0 100644 +--- a/src/man/po/cs.po ++++ b/src/man/po/cs.po +@@ -8,9 +8,9 @@ + # Pavel Borecki <pavel.borecki@gmail.com>, 2019. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2019-06-21 02:15+0000\n" + "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" + "Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/" +@@ -298,9 +298,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -320,16 +320,16 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -358,7 +358,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -656,8 +656,8 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -766,10 +766,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 200000" + msgid "Default: sha256" +-msgstr "Výchozí: 200000" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1739,7 +1737,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1803,7 +1801,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1868,8 +1866,8 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5040,34 +5038,55 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_idmap_range_size (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_idmap_range_size (celé číslo)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. 
" + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5075,14 +5094,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5090,17 +5109,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5110,12 +5129,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5123,17 +5142,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_idmap_range_max (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_idmap_range_max (celé číslo)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. 
The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5141,7 +5175,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5152,7 +5186,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5161,7 +5195,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5169,26 +5203,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5196,7 +5230,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5204,7 +5238,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5212,41 +5246,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5255,32 +5289,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5288,24 +5322,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5313,17 +5347,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5334,24 +5368,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5362,12 +5396,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5380,7 +5414,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5392,17 +5426,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5410,49 +5444,49 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5460,28 +5494,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5493,7 +5527,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5501,7 +5535,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5509,39 +5543,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5551,7 +5585,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5559,26 +5593,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5586,7 +5620,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5594,31 +5628,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5627,56 +5661,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5692,12 +5726,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5706,14 +5740,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5722,24 +5756,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5747,19 +5781,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5768,7 +5802,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5776,7 +5810,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5785,7 +5819,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5793,22 +5827,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5818,14 +5852,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5838,12 +5872,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5853,7 +5887,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5863,63 +5897,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5928,74 +5962,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6006,7 +6040,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6014,24 +6048,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6048,12 +6082,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6061,36 +6095,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6098,14 +6132,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6115,101 +6149,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6218,59 +6252,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6279,22 +6313,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6303,14 +6337,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6318,7 +6352,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6331,27 +6365,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6367,13 +6401,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7908,7 +7942,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7923,7 +7957,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7938,12 +7972,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7964,12 +7998,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7993,17 +8027,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8011,7 +8045,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8038,7 +8072,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8051,12 +8085,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8075,60 +8109,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8242,26 +8276,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9701,9 +9735,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9713,19 +9763,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. 
This option is " +@@ -9735,12 +9785,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9748,7 +9798,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9763,7 +9813,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9772,7 +9822,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9780,7 +9830,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9790,7 +9840,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) 
is used, because these attributes " +@@ -13887,10 +13937,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "ldap_idmap_range_size (integer)" + msgid "max_ccaches (integer)" +-msgstr "ldap_idmap_range_size (celé číslo)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13904,10 +13952,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "ldap_idmap_range_size (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "ldap_idmap_range_size (celé číslo)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -13918,17 +13964,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 200000" + msgid "Default: 64" +-msgstr "Výchozí: 200000" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_idmap_range_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_idmap_range_size (celé číslo)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -13939,10 +13981,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 200000" + msgid "Default: 65536" +-msgstr "Výchozí: 200000" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -14131,10 +14171,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:176 +-#, fuzzy +-#| msgid "probe sdap_search_send" + msgid "probe sdap_parse_entry" +-msgstr "vyzkouší sdap_search_send" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:179 +@@ -14154,10 +14192,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +-#, fuzzy +-#| msgid "probe dp_req_done" + msgid "probe sdap_parse_entry_done" +-msgstr "probe dp_req_done" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:193 +@@ -15236,10 +15272,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "simple_deny_groups (string)" + msgid "ldap_group_type (string)" +-msgstr "simple_deny_groups (řetězec)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -15938,10 +15972,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout" ++msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +diff --git a/src/man/po/de.po b/src/man/po/de.po +index cb8d12f78..6e65e6abc 100644 +--- a/src/man/po/de.po ++++ b/src/man/po/de.po +@@ -8,9 +8,9 @@ + # Mario Blättermann <mario.blaettermann@gmail.com>, 2014 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-14 11:53+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/" +@@ -324,9 +324,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Voreinstellung: »true«" +@@ -346,16 +346,16 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Voreinstellung: »false«" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -384,7 +384,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Voreinstellung: 10" + +@@ -582,10 +582,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (Boolesch)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -601,22 +599,11 @@ msgstr "try_inotify (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD überwacht den Status der »resolv.conf«, um festzustellen, wann es " +-"seinen internen DNS-Resolver aktualisieren muss. Standardmäßig werden wir " +-"versuchen, dafür Inotify zu benutzen. Falls Inotify nicht benutzt werden " +-"kann, werden wir darauf zurückgreifen, alle fünf Sekunden »resolv.conf« " +-"abzufragen." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -738,8 +725,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -848,10 +835,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Voreinstellung: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1929,7 +1914,7 @@ msgstr "" + "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Voreinstellung: 0" + +@@ -1993,7 +1978,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Voreinstellung: none" + +@@ -2058,8 +2043,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Voreinstellung: False" +@@ -2392,10 +2377,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_extra_attrs (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_extra_attrs (Zeichenkette)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2416,10 +2399,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set, i.e. FAST is not used." + msgid "Default: not set, all found rules are used" +-msgstr "Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5638,17 +5619,38 @@ msgstr "" + "Lebensdauer) verwendet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Voreinstellung: 900 (15 Minuten)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (Ganzzahl)" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -5658,17 +5660,17 @@ msgstr "" + "pro Anfrage." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Voreinstellung: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5680,7 +5682,7 @@ msgstr "" + "deaktiviert ist oder sich nicht ordnungsgemäß verhält." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -5690,7 +5692,7 @@ msgstr "" + "aber nicht in der Lage, es zu benutzen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5702,17 +5704,17 @@ msgstr "" + "abgelehnt werden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "deaktiviert die Bereichsabfrage von Active Directory" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5728,12 +5730,12 @@ msgstr "" + "es so aussehen, als ob große Gruppen keine Mitglieder hätten." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (Ganzzahl)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5744,19 +5746,42 @@ msgstr "" + "Werte dieser Option werden durch OpenLDAP definiert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + "Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in " + "»ldap.conf« angegeben)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (Ganzzahl)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Wenn mittels SASL mit einem LDAP-Server kommuniziert wird, gibt dies die " ++"mindestens nötige Sicherheitsstufe zum Herstellen der Verbindung an. Die " ++"Werte dieser Option werden durch OpenLDAP definiert." ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5768,7 +5793,7 @@ msgstr "" + "nachgeschlagen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5779,7 +5804,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5792,7 +5817,7 @@ msgstr "" + "unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5803,12 +5828,12 @@ msgstr "" + "Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -5818,7 +5843,7 @@ msgstr "" + "Werte angegeben werden:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5827,7 +5852,7 @@ msgstr "" + "oder anfordern." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5839,7 +5864,7 @@ msgstr "" + "Sitzung fährt normal fort." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5850,7 +5875,7 @@ msgstr "" + "ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. 
If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5861,22 +5886,22 @@ msgstr "" + "sofort beendet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = entspricht »demand«" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Voreinstellung: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -5885,7 +5910,7 @@ msgstr "" + "die <command>sssd</command> erkennen wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -5894,12 +5919,12 @@ msgstr "" + "<filename>/etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (Zeichenkette)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5913,33 +5938,33 @@ msgstr "" + "Erstellen der korrekten Namen verwendet werden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + "gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "gibt die Datei an, die den Schlüssel des Clients enthält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. 
See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5947,12 +5972,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -5961,12 +5986,12 @@ msgstr "" + "\">tls</systemitem> benutzen muss, um den Kanal abzusichern." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5978,19 +6003,19 @@ msgstr "" + "verlassen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-" + "Directory-ObjectSIDs." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6009,24 +6034,24 @@ msgstr "" + "Abbildung von IDs wählen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6037,12 +6062,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (Zeichenkette)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6055,7 +6080,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6067,17 +6092,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Voreinstellung Rechner/MeinRechner@BEREICH" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6088,17 +6113,17 @@ msgstr "" + "»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Voreinstellung: der Wert von »krb5_realm«" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6108,34 +6133,34 @@ msgstr "" + "Bind in eine kanonische Form zu bringen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Voreinstellung: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5." + "keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (Boolesch)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6143,28 +6168,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Voreinstellung: 86400 (24 Stunden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6183,7 +6208,7 @@ msgstr "" + "Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6194,7 +6219,7 @@ msgstr "" + "Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6206,29 +6231,29 @@ msgstr "" + "migrieren." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</" + "filename>" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6238,12 +6263,12 @@ msgstr "" + "Kerberos >= 1.7 verfügbar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -6259,7 +6284,7 @@ msgstr "" + "manvolnum> </citerefentry> einrichten." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -6270,12 +6295,12 @@ msgstr "" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -6284,7 +6309,7 @@ msgstr "" + "Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -6293,7 +6318,7 @@ msgstr "" + "kann keine Server-seitigen Passwortregelwerke deaktivieren." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -6304,7 +6329,7 @@ msgstr "" + "manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -6316,7 +6341,7 @@ msgstr "" + "Passwort geändert wurde." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -6326,17 +6351,17 @@ msgstr "" + "festgelegten Regel." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6345,7 +6370,7 @@ msgstr "" + "mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6359,28 +6384,28 @@ msgstr "" + "merkliche Leistungsverbesserung bringen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (Zeichenkette)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Voreinstellung: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6389,17 +6414,17 @@ msgstr "" + "soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (Boolesch)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -6408,12 +6433,12 @@ msgstr "" + "Passwortänderung mit Unix-Zeit geändert wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -6443,12 +6468,12 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Beispiel:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -6460,7 +6485,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -6469,7 +6494,7 @@ msgstr "" + "beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -6478,17 +6503,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Voreinstellung: leer" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -6497,7 +6522,7 @@ msgstr "" + "Zugriffssteuerungsattribute aktiviert werden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -6508,12 +6533,12 @@ msgstr "" + "einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Die folgenden Werte sind erlaubt:" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -6522,7 +6547,7 @@ msgstr "" + "»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -6535,7 +6560,7 @@ msgstr "" + "gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -6546,7 +6571,7 @@ msgstr "" + "Zugriff erlaubt wird oder nicht." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -6559,7 +6584,7 @@ msgstr "" + "Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -6570,24 +6595,24 @@ msgstr "" + "»ldap_account_expire_policy« funktioniert." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte " + "sind erlaubt:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6597,14 +6622,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6617,12 +6642,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -6632,7 +6657,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -6642,20 +6667,20 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -6664,33 +6689,33 @@ msgstr "" + "»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, " + "ob Zugriff gewährt wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Voreinstellung: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -6699,12 +6724,12 @@ msgstr "" + "mehr als einmal benutzt wird." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -6713,22 +6738,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -6737,12 +6762,12 @@ msgstr "" + "folgenden Optionen sind erlaubt:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -6752,7 +6777,7 @@ msgstr "" + "Suche." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -6761,7 +6786,7 @@ msgstr "" + "der Suche dereferenziert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -6770,7 +6795,7 @@ msgstr "" + "Orten des Basisobjekts der Suche dereferenziert." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -6779,12 +6804,12 @@ msgstr "" + "<emphasis>never</emphasis> gehandhabt.)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." 
+@@ -6793,7 +6818,7 @@ msgstr "" + "beizubehalten, die das Schema RFC2307 benutzen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6811,7 +6836,7 @@ msgstr "" + "getpw*() oder initgroups() abzurufen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6822,36 +6847,29 @@ msgstr "" + "die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -6861,19 +6879,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten " +-"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt " +-"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder " +-"type=\"variablelist\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "SUDO-OPTIONEN" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6884,12 +6897,12 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -6899,7 +6912,7 @@ msgstr "" + "heruntergeladen werden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -6908,17 +6921,17 @@ msgstr "" + "emphasis> sein." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Voreinstellung: 21600 (6 Stunden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6926,7 +6939,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -6935,7 +6948,7 @@ msgstr "" + "das Attribut »modifyTimestamp« benutzt." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6945,12 +6958,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -6960,12 +6973,12 @@ msgstr "" + "Netzwerkadressen und Rechnernamen)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -6974,7 +6987,7 @@ msgstr "" + "Domain-Namen, die zum Filtern der Regeln benutzt werden sollen" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." 
+@@ -6983,8 +6996,8 @@ msgstr "" + "voll qualifizierten Domain-Namen automatisch herauszufinden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -6993,17 +7006,17 @@ msgstr "" + "emphasis> ist, hat diese Option keine Auswirkungen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Voreinstellung: nicht angegeben" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7012,7 +7025,7 @@ msgstr "" + "Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7021,12 +7034,12 @@ msgstr "" + "herauszufinden." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7035,12 +7048,12 @@ msgstr "" + "eine Netzgruppe im Attribut »sudoHost« enthält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7049,14 +7062,14 @@ msgstr "" + "einen Platzhalter im Attribut »sudoHost« enthält." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7069,59 +7082,59 @@ msgstr "" + "manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "AUTOFS-OPTIONEN" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "Der Name der Automount-Master-Abbildung in LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Voreinstellung: auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "ERWEITERTE OPTIONEN" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (Zeichenkette)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7130,22 +7143,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7154,14 +7167,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "BEISPIEL" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7172,7 +7185,7 @@ msgstr "" + "gesetzt ist." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7185,27 +7198,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7221,13 +7234,13 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "ANMERKUNGEN" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -8879,7 +8892,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (Boolesch)" + +@@ -8894,7 +8907,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -8916,12 +8929,12 @@ msgstr "" + "Konfigurationsdatei migrieren." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (Ganzzahl)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. 
This will override the TTL " +@@ -8950,12 +8963,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Voreinstellung: 1200 (Sekunden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8983,17 +8996,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -9001,7 +9014,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -9036,7 +9049,7 @@ msgstr "" + "gefundenen als Sicherungsserver." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (Ganzzahl)" + +@@ -9052,12 +9065,12 @@ msgstr "" + "Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -9082,12 +9095,12 @@ msgid "Default: False (disabled)" + msgstr "Voreinstellung: False (deaktiviert)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (Boolesch)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -9096,48 +9109,48 @@ msgstr "" + "DNS-Server verwenden soll" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -9264,26 +9277,26 @@ msgstr "" + "zu verwenden." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -10198,20 +10211,12 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:359 +-#, fuzzy +-#| msgid "" +-#| "GPO-based access control functionality uses GPO policy settings to " +-#| "determine whether or not a particular user is allowed to logon to a " +-#| "particular host." + msgid "" + "GPO-based access control functionality uses GPO policy settings to determine " + "whether or not a particular user is allowed to logon to the host. For more " + "information on the supported policy settings please refer to the " + "<quote>ad_gpo_map</quote> options." + msgstr "" +-"Die GPO-basierte Zugriffskontrolle verwendet gesetzte GPO-Regeln, um zu " +-"ermitteln, ob sich ein bestimmter Benutzer an einem bestimmten Rechner " +-"anmelden darf." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:367 +@@ -10266,16 +10271,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:417 +-#, fuzzy +-#| msgid "" +-#| "NOTE: If the operation mode is set to enforcing, it is possible that " +-#| "users that were previously allowed logon access will now be denied logon " +-#| "access (as dictated by the GPO policy settings). In order to facilitate a " +-#| "smooth transition for administrators, a permissive mode is available that " +-#| "will not enforce the access control rules, but will evaluate them and " +-#| "will output a syslog message if access would have been denied. By " +-#| "examining the logs, administrators can then make the necessary changes " +-#| "before setting the mode to enforcing." 
+ msgid "" + "NOTE: If the operation mode is set to enforcing, it is possible that users " + "that were previously allowed logon access will now be denied logon access " +@@ -10288,16 +10283,6 @@ msgid "" + "functions' is required (see <citerefentry> <refentrytitle>sssctl</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." + msgstr "" +-"ACHTUNG: Wird der Operationsmodus auf »enforcing« gesetzt, dann ist es " +-"möglich, dass Benutzern, denen früher bereits einmal Zugriff gewährt wurde, " +-"ihnen dieser nun verweigert wird (sofern dies von den GPO-Regeln " +-"vorgeschrieben wird). Um Administratoren einen weichen Übergang zu " +-"ermöglichen, ist der Modus »permissive« verfügbar, der die Umsetzung der " +-"Zugriffskontrollregeln nicht erzwingt. Diese werden lediglich ausgewertet " +-"und eine Meldung geht an das Systemprotokoll, falls tatsächlich der Zugriff " +-"verweigert werden würde. Nach dem Untersuchen der Protokolle können " +-"Administratoren nun die nötigen Änderungen vornehmen, bevor der Modus auf " +-"»enforcing« gesetzt wird." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:436 +@@ -10849,9 +10834,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (Boolesch)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. 
Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -10868,19 +10871,19 @@ msgstr "" + "»dyndns_iface« angegeben wurde." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Voreinstellung: 3600 (Sekunden)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -10890,12 +10893,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Voreinstellung: True" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -10907,7 +10910,7 @@ msgstr "" + "Optionen von AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -10931,7 +10934,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -10943,7 +10946,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -10954,7 +10957,7 @@ msgstr "" + "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -10964,7 +10967,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -11553,17 +11556,10 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +-#| "applications will not use the fast in memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, " +-"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher " +-"nicht." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -12779,20 +12775,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for " +-#| "more information on the locator plugin." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"Weitere Informationen über die Locator-Erweiterung finden Sie auf der " +-"Handbuchseite <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -15539,25 +15527,12 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the AD provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt " +-"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -15586,10 +15561,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (Ganzzahl)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -15603,10 +15576,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id,max_id (Ganzzahl)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -15617,17 +15588,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Voreinstellung: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (Ganzzahl)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -15638,10 +15605,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Voreinstellung: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15842,17 +15807,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "user_attributes = +telephoneNumber, -loginShell\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"user_attributes = +telephoneNumber, -loginShell\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +@@ -16121,10 +16081,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (Zeichenkette)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -16143,28 +16101,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "SSSD LDAP-Anbieter" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -16172,11 +16118,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"Diese Handbuchseite beschreibt die Konfiguration von LDAP-Domains für " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Detaillierte Syntax-Informationen finden Sie im Abschnitt " +-"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. 
type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -17043,10 +16984,8 @@ msgstr "ldap_group_modify_timestamp (Zeichenkette)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (Zeichenkette)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -17271,10 +17210,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "DIENSTABSCHNITTE" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -17522,10 +17459,8 @@ msgstr "Voreinstellung: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "AUTOFS-OPTIONEN" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -17825,10 +17760,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (Ganzzahl)" ++msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -19037,20 +18970,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Voreinstellung: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (Ganzzahl)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +diff --git a/src/man/po/es.po b/src/man/po/es.po +index f32f5fbae..3f20f2a0d 100644 +--- a/src/man/po/es.po ++++ b/src/man/po/es.po +@@ -13,12 +13,13 @@ + # Daniel Cabrera <logan@fedoraproject.org>, 2011 + # Emilio Herrera <ehespinosa57@gmail.com>, 2018. #zanata + # Emilio Herrera <ehespinosa57@gmail.com>, 2019. #zanata ++# Emilio Herrera <ehespinosa57@gmail.com>, 2020. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" +-"PO-Revision-Date: 2019-11-16 03:52+0000\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" ++"PO-Revision-Date: 2020-01-30 03:01+0000\n" + "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" + "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/" + "es/)\n" +@@ -364,9 +365,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Predeterminado: true" +@@ -389,16 +390,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Predeterminado: false" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -430,7 +431,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Predeterminado: 10" + +@@ -643,10 +644,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (booleano)" ++msgstr "monitor_resolv_conf (booleano)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -654,6 +653,8 @@ msgid "" + "Controls if SSSD should monitor the state of resolv.conf to identify when it " + "needs to update its internal DNS resolver." + msgstr "" ++"Controla si SSSD monitorizaría el estado de resolv.conf para identificar " ++"cuando necesita actualizar su interfaz de resolución DNS interno." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:335 +@@ -662,21 +663,14 @@ msgstr "try_inotify (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD monitorea el estado de resolv.conf para saber cuando es necesario " +-"actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para " +-"ello la herramienta inotify, quien consultará a resolv.conf cada cinco " +-"segundos en caso que inotify no pueda ser utilizado." ++"Por defecto, SSSD intentará usar inotify para monitorizar cambios en los " ++"ficheros de configuración y volverá a sondear cada cinco segundos si inotify " ++"no puede ser usado." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -796,13 +790,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. 
" +@@ -813,15 +800,19 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Por favor advierta que si se ajusta esta opción todos los usuarios del " +-"domino primario tiene que usar su nombre totalmente cualificado, e.g. " +-"user@domain.name, para acceder. Fijando esta opción cambia el predeterminado " +-"de use_fully_qualified_names a True. No está permitido usar esta opción unto " +-"con use_fully_qualified_names fijado a False." ++"Por favor advierta que si esta opción está establecida todos los usuarios " ++"del dominio primario tienen que usar su nombre totalmente cualificado, e.g. " ++"user@domain.name, para acceder. El establecimiento de esta opción cambia el " ++"comportamiento predeterminado de use_fully_qualified_names a True. No está " ++"permitido el uso de esta opción junto con use_fully_qualified_names " ++"establecido a False. Una excepción de esta regla son los dominios con " ++"<quote>id_provider=files</quote> que siempre intentan igualar el " ++"comportamiento de nss_files y por lo tanto su salida es no cualificada aún " ++"cuando se use la opción default_domain_suffix." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -892,15 +883,13 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:483 +-#, fuzzy +-#| msgid "no_ocsp" + msgid "soft_ocsp" +-msgstr "no_ocsp" ++msgstr "soft_ocsp" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:485 sssd.conf.5.xml:585 + msgid "(NSS Version) This option is ignored." +-msgstr "" ++msgstr "(Versión NSS) Esta opción es ignorada." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:488 +@@ -910,11 +899,15 @@ msgid "" + "authentication when the system is offline and the OCSP responder cannot be " + "reached." + msgstr "" ++"(Versión OpenSSL) S no se puede establecer una conexión con un contestador " ++"OCSP la comprobación OCSP es saltada. Esta opción debería ser usada para " ++"permitir la autenticación cuando el sistema no está en línea y el " ++"contestador OCSP no puede ser alcanzado." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:498 + msgid "ocsp_dgst" +-msgstr "" ++msgstr "ocsp_dgst" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:500 +@@ -922,39 +915,41 @@ msgid "" + "Digest (hash) function used to create the certificate ID for the OCSP " + "request. Allowed values are:" + msgstr "" ++"Función resumen (picadillo) usada para crear la ID del certificado para la " ++"petición OCSP. Los valores permitidos son:" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:504 + msgid "sha1" +-msgstr "" ++msgstr "sha1" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:505 + msgid "sha256" +-msgstr "" ++msgstr "sha256" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:506 + msgid "sha384" +-msgstr "" ++msgstr "sha384" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:507 + msgid "sha512" +-msgstr "" ++msgstr "sha512" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Predeterminado: 5" ++msgstr "Predeterminado: sha256" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 + msgid "" + "(NSS Version) This option is ignored, because NSS uses sha1 unconditionally." + msgstr "" ++"(Versión NSS) Esta opción es ignorada, porque NSS usa sha1 " ++"incondicionalmente." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:518 +@@ -1060,7 +1055,7 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:583 + msgid "soft_crl" +-msgstr "" ++msgstr "soft_crl" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:588 +@@ -1070,6 +1065,10 @@ msgid "" + "allow authentication when the system is offline and the CRL cannot be " + "renewed." + msgstr "" ++"(Versión OpenSSL) Si una Lista de Revocación de Certificado (CRL) expira " ++"ignora las comprobaciones CRL para los certificados relacionados. Esta " ++"opción debería ser usada para permitir la autenticación cuando el sistema " ++"está fuera de linea y la CRL no puede ser renovada." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:468 +@@ -2137,7 +2136,7 @@ msgstr "" + "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Predeterminado: 0" + +@@ -2215,7 +2214,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Predeterminado: none" + +@@ -2294,8 +2293,8 @@ msgstr "" + "de autenticación esta opción está deshabilitada por defecto." + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Por defecto: False" +@@ -2674,10 +2673,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (cadena)" ++msgstr "ssh_use_certificate_matching_rules (cadena)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2688,6 +2685,11 @@ msgid "" + "comma separated list of mapping and matching rule names. All other rules " + "will be ignored." + msgstr "" ++"Por defecto el contestador ssh usará todos los certificados disponibles que " ++"coincidan con las reglas para filtrar los certificados de modo que las " ++"claves ssh solo se derivarán a los que coincidan. Con esta opción las reglas " ++"usadas pueden ser restringidas con una lista separada por comas de nombres " ++"de reglas que coincidan y mapeen. Todas las demás reglas serán ignoradas." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1763 +@@ -2695,13 +2697,13 @@ msgid "" + "If a non-existing rule name is given all rules will be ignored and all " + "available certificates will be used to derive ssh keys." + msgstr "" ++"Si se da un nombre de regla que no existe todas las reglas serán ignoradas y " ++"los certificados disponibles serán usados para derivar claves ssh." + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Por defecto: no ajustado (los espacios no serán reemplazados)" ++msgstr "Predetermindo: no establecido, son usadas todas las reglas encontradas" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -3367,11 +3369,16 @@ msgid "" + "user, typically ran at login) operation in the past, both the user entry " + "and the group membership are updated." + msgstr "" ++"El refresco en segundo plano procesará usuarios, grupos y netgroups en el " ++"cache. Para usuarios que han llevado a cabo el anteriormente initgroups " ++"(obtener la membresía de grupo para el usuario, normalmente ejecutando " ++"login), tanto la entrada usuario y la membresia de grupo son actualizados." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2263 + msgid "This option is automatically inherited for all trusted domains." + msgstr "" ++"Esta opción se hereda automáticamente para todos los dominios de confianza." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2267 +@@ -4613,13 +4620,6 @@ msgstr "hybrid" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3205 +-#, fuzzy +-#| msgid "" +-#| "A primary group is autogenerated for user entries whose UID and GID " +-#| "numbers have the same value and at the same time the GID number does not " +-#| "correspond to a real group object in LDAP If the values are the same, but " +-#| "the primary GID in the user entry is also used by a group object, the " +-#| "primary GID of the user resolves to that group object." + msgid "" + "A primary group is autogenerated for user entries whose UID and GID numbers " + "have the same value and at the same time the GID number does not correspond " +@@ -4627,11 +4627,11 @@ msgid "" + "GID in the user entry is also used by a group object, the primary GID of the " + "user resolves to that group object." + msgstr "" +-"Un grupo primario se autogenera para las entradas de usuario cuyos números " +-"UID y GID tienen los mismos valores y al mismo tiempo el número GID no " +-"coresponde a un objeto grupo real en LDAP si los valores son los mismos, " +-"pero el GID primario en la entrada de usuario se usa también por un objeto " +-"grupo, el GID primario del usaurio resuelve a este objeto grupo." ++"Se autogenera un grupo primario para las entradas de usuario cuyos números " ++"UID y GID tienen el mismo valor y al mismo tiempo el número GID no " ++"corresponde un objeto grupo real en LDAP. Si los valores son los mismos " ++"pero el GID primario en la entrada de usuario es también usado por un objeto " ++"grupo, el GID primario del usuario se resuelve al de ese objeto grupo." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3218 +@@ -5377,22 +5377,16 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3693 +-#, fuzzy +-#| msgid "" +-#| "With the growing number of authentication methods and the possibility " +-#| "that there are multiple ones for a single user the heuristic used by " +-#| "pam_sss to select the prompting might not be suitable for all use cases. " +-#| "To following options should provide a better flexibility here." + msgid "" + "With the growing number of authentication methods and the possibility that " + "there are multiple ones for a single user the heuristic used by pam_sss to " + "select the prompting might not be suitable for all use cases. The following " + "options should provide a better flexibility here." + msgstr "" +-"Con el creciente número de métodos de autenticación kyh la posibilidad de " +-"que haya múltiples para un solo usuario la heurística usada por pam_sss " +-"podría no ser adecuada para todos los casos de uso. Las siguientes opciones " +-"suministrarían una mejor flexibilidad aquí." ++"Con el creciente número de métodos de autenticación y la la posibilidad de " ++"que haya múltiples para un único usuario la heurística usada por pam_sss " ++"para seleccionar la solicitud podría no ser adecuada para todos los casos. " ++"Las siguientes opciones deberían suministrar una mejor flexibilidad aquí." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:3705 +@@ -5450,19 +5444,14 @@ msgstr "single_prompt" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3730 +-#, fuzzy +-#| msgid "" +-#| "boolean value, if True there will be only a single prompt using the value " +-#| "of first_prompt where it is expected that both factor are entered as a " +-#| "single string" + msgid "" + "boolean value, if True there will be only a single prompt using the value of " + "first_prompt where it is expected that both factors are entered as a single " + "string" + msgstr "" +-"valor booleano, si True habrá solo una única consulta usando el valor de " +-"first_prompt donde se espera que el factor sea introducido como una única " +-"cadena" ++"valor booleano, si True habrá una única pregunta usando el valor de " ++"first_prompt donde se espera que ambos factores se introduzcan como una " ++"única cadena" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3719 +@@ -5475,12 +5464,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3700 +-#, fuzzy +-#| msgid "" +-#| "Each supported authentication method has it's own configuration sub-" +-#| "section under <quote>[prompting/...]</quote>. Currently there are: " +-#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#| "\"variablelist\" id=\"1\"/>" + msgid "" + "Each supported authentication method has its own configuration subsection " + "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type=" +@@ -5493,19 +5476,14 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3742 +-#, fuzzy +-#| msgid "" +-#| "It is possible to add a sub-section for specific PAM services like e.g. " +-#| "<quote>[prompting/password/sshd]</quote> to individual change the " +-#| "prompting for this service." 
+ msgid "" + "It is possible to add a subsection for specific PAM services, e.g. " + "<quote>[prompting/password/sshd]</quote> to individual change the prompting " + "for this service." + msgstr "" +-"Es posible añadir una subsección para srvicios PAM especificos como e.g. " +-"<quote>[prompting/password/sshd]</quote> para cambio individual de la " +-"consulta para este servicio." ++"Es posible añadir una subsección para servicios PAM específicos, e.g. " ++"<quote>[prompting/password/sshd]</quote> para el cambio individual de la " ++"pregunta para este servicio." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd.conf.5.xml:3749 idmap_sss.8.xml:43 +@@ -6301,17 +6279,38 @@ msgstr "" + "temprano (este valor contra el tiempo de vida TGT)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Predeterminado: 900 (15 minutos)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (entero)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -6320,17 +6319,17 @@ msgstr "" + "Algunos servidores LDAP hacen cumplir un límite máximo por petición." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Predeterminado: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -6341,7 +6340,7 @@ msgstr "" + "RootDSE pero no está habilitado o no se comporta apropiadamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -6351,7 +6350,7 @@ msgstr "" + "pero es incapaz de usarlo." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -6362,17 +6361,17 @@ msgstr "" + "puede ocasionar que algunas peticiones sean denegadas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Deshabilitar la recuperación del rango de Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -6388,12 +6387,12 @@ msgstr "" + "miembros." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -6404,19 +6403,42 @@ msgstr "" + "de esta opción son definidos por OpenLDAP." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap." + "conf)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (entero)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Cuando se está comunicando con un servidor LDAP usando SASL, especifica el " ++"nivel de seguridad mínimo necesario para establecer la conexión. Los valores " ++"de esta opción son definidos por OpenLDAP." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -6427,7 +6449,7 @@ msgstr "" + "deference. 
Si hay menos miembros desaparecidos, se buscarán individualmente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -6444,7 +6466,7 @@ msgstr "" + "lo soporta y auncia el control de la desreferencia en el objeto rootDSE." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -6457,7 +6479,7 @@ msgstr "" + "soportados son 389/RHDS, OpenLDAP y Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -6468,12 +6490,12 @@ msgstr "" + "será deshabilitado sin tener en cuenta este ajuste." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -6483,7 +6505,7 @@ msgstr "" + "los siguientes valores:" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -6492,7 +6514,7 @@ msgstr "" + "certificado de servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6503,7 +6525,7 @@ msgstr "" + "certificado malo, será ignorado y la sesión continua normalmente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6514,7 +6536,7 @@ msgstr "" + "certificado malo, la sesión se termina inmediatamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -6525,22 +6547,22 @@ msgstr "" + "termina inmediatamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Predeterminado: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -6549,7 +6571,7 @@ msgstr "" + "de Certificación que <command>sssd</command> reconocerá." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -6558,12 +6580,12 @@ msgstr "" + "etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -6577,33 +6599,33 @@ msgstr "" + "para crear los nombres correctos." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + "Especifica el fichero que contiene el certificado para la clave del cliente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "Especifica el archivo que contiene la clave del cliente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -6614,12 +6636,12 @@ msgstr "" + "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (booleano)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -6628,12 +6650,12 @@ msgstr "" + "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -6644,18 +6666,18 @@ msgstr "" + "ldap_user_uid_number y ldap_group_gid_number." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "ldap_min_id, ldap_max_id (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6673,17 +6695,17 @@ msgstr "" + "el servidor. 
Los subdominios pueden elegir otros rangos para asignar IDs." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "Predeterminado: no establecido (ambas opciones se establecen a 0)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." +@@ -6692,7 +6714,7 @@ msgstr "" + "soportados GSSAPI y GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6709,12 +6731,12 @@ msgstr "" + "manvolnum></citerefentry> para más detalles." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6734,7 +6756,7 @@ msgstr "" + " " + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6754,17 +6776,17 @@ msgstr "" + "en la pestaña." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Por defecto: host/nombre_de_host@REALM" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6775,17 +6797,17 @@ msgstr "" + "reino también, esta opción se ignora." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Por defecto: el valor de krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6794,34 +6816,34 @@ msgstr "" + "para para canocalizar el nombre de host durante una unión SASL." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Predeterminado: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</" + "filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). 
This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6832,12 +6854,12 @@ msgstr "" + "es GSSAPI o GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" +@@ -6845,17 +6867,17 @@ msgstr "" + "SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Predeterminado: 86400 (24 horas)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6874,7 +6896,7 @@ msgstr "" + "información, vea la sección <quote>SERVICE DISCOVERY</quote>." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6885,7 +6907,7 @@ msgstr "" + "regresa a _tcp si no se encuentra nada." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6897,30 +6919,30 @@ msgstr "" + "configuración para usar <quote>krb5_server</quote> en su lugar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + "Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</" + "filename>" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6929,12 +6951,12 @@ msgstr "" + "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -6949,7 +6971,7 @@ msgstr "" + "manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -6961,12 +6983,12 @@ msgstr "" + "localizador." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -6975,7 +6997,7 @@ msgstr "" + "del cliente. Los siguientes valores son permitidos:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -6984,7 +7006,7 @@ msgstr "" + "no puede deshabilitar las políticas de password en el lado servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -6995,7 +7017,7 @@ msgstr "" + "manvolnum></citerefentry> para evaluar si la contraseña ha expirado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -7007,7 +7029,7 @@ msgstr "" + "password." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -7017,19 +7039,19 @@ msgstr "" + "establecida por esta opción." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + "Especifica si el seguimiento de referencias automático debería ser " + "habilitado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -7038,7 +7060,7 @@ msgstr "" + "está compilado con OpenLDAP versión 2.4.13 o más alta." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -7051,29 +7073,29 @@ msgstr "" + "esta opción a false le llevará a una notable mejora de rendimiento." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (cadena)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Especifica el nombre del servicio para utilizar cuando está habilitado el " + "servicio de descubrimiento." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Predeterminado: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -7083,17 +7105,17 @@ msgstr "" + "descubrimiento." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (booleano)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -7102,12 +7124,12 @@ msgstr "" + "desde el Epoch después de una operación de cambio de contraseña." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -7135,12 +7157,12 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Ejemplo:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -7152,7 +7174,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -7161,7 +7183,7 @@ msgstr "" + "usuarios cuyo atributo employeeType esté establecido a \"admin\"." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -7174,17 +7196,17 @@ msgstr "" + "se les seguirán otorgando acceso sin conexión y viceversa." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Predeterminado: vacío" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -7193,7 +7215,7 @@ msgstr "" + "control de acceso del lado cliente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -7204,12 +7226,12 @@ msgstr "" + "una código de error definible aunque el password sea correcto." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Los siguientes valores están permitidos:" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -7218,7 +7240,7 @@ msgstr "" + "determinar si la cuenta ha expirado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -7231,7 +7253,7 @@ msgstr "" + "se comprueba el tiempo de expiración de la cuenta." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -7242,7 +7264,7 @@ msgstr "" + "el acceso o no." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -7255,7 +7277,7 @@ msgstr "" + "permitido. Si ambos atributos están desaparecidos se concede el acceso." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -7266,24 +7288,24 @@ msgstr "" + "la opción ldap_account_expire_policy funcione." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Lista separada por coma de opciones de control de acceso. Los valores " + "permitidos son:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7299,7 +7321,7 @@ msgstr "" + "funciones." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" +@@ -7309,7 +7331,7 @@ msgstr "" + "</emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7331,12 +7353,12 @@ msgstr "" + "estar establecido para que esta característica funcione." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -7351,7 +7373,7 @@ msgstr "" + "método distinto a las contraseñas - por ejemplo claves SSH." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -7366,7 +7388,7 @@ msgstr "" + "inmediatamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" +@@ -7374,7 +7396,7 @@ msgstr "" + "explícito." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." 
+@@ -7384,7 +7406,7 @@ msgstr "" + "para una política de contraseña apropiada." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -7393,13 +7415,13 @@ msgstr "" + "autorizedService para determinar el acceso" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" +@@ -7408,7 +7430,7 @@ msgstr "" + "host remoto puede acceder" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" +@@ -7418,12 +7440,12 @@ msgstr "" + "opción de control de acceso" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Predeterminado: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." 
+@@ -7432,12 +7454,12 @@ msgstr "" + "una vez." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -7451,22 +7473,22 @@ msgstr "" + "LDAP no pueden verificarse correctamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -7475,13 +7497,13 @@ msgstr "" + "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -7491,7 +7513,7 @@ msgstr "" + "búsqueda." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -7500,7 +7522,7 @@ msgstr "" + "cuando se localice el objeto base de la búsqueda." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -7509,7 +7531,7 @@ msgstr "" + "para la búsqueda como en la localización del objeto base de la búsqueda." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -7518,12 +7540,12 @@ msgstr "" + "librerías cliente LDAP)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -7532,7 +7554,7 @@ msgstr "" + "servidores que usan el esquema RFC2307." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -7550,7 +7572,7 @@ msgstr "" + "llamadas getpw*() o initgroups()." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -7561,12 +7583,12 @@ msgstr "" + "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "wildcard_limit (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." 
+@@ -7575,25 +7597,18 @@ msgstr "" + "descargadas durante una búsqueda de comodín." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + "En este momento solo el respondedor InfoPipe soporta búsqueda de comodín" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "Predeterminado: 1000 (frecuentemente el tamaño de una página)" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -7603,19 +7618,22 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Todas las opciones de configuración comunes que se aplican a los dominios " +-"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN " ++"Todas las opciones comunes de configuración que se aplican a los dominios " ++"SSSD tambien se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN " + "SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd." 
+-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles " +-"completos. <placeholder type=\"variablelist\" id=\"0\"/>" ++"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para todos los " ++"detalles. Advierta que los atributos de mapeo SSSD LDAP están descritos en " ++"la página de manual <citerefentry> <refentrytitle>sssd-ldap-attributes</" ++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder type=" ++"\"variablelist\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "OPCIONES SUDO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -7626,12 +7644,12 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -7641,7 +7659,7 @@ msgstr "" + "servidor)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -7650,17 +7668,17 @@ msgstr "" + "emphasis>" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Por defecto: 21600 (6 horas)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -7672,7 +7690,7 @@ msgstr "" + "actualmente SSSD)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -7681,7 +7699,7 @@ msgstr "" + "atributo modifyTimestamp." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -7697,12 +7715,12 @@ msgstr "" + "<emphasis>ldap_connection_expire_timeout</emphasis>)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (booleano)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -7711,12 +7729,12 @@ msgstr "" + "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -7725,7 +7743,7 @@ msgstr "" + "totalmente cualificados que sería usada para filtrar las reglas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -7734,8 +7752,8 @@ msgstr "" + "nombre de dominio totalmente cualificado automáticamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -7744,17 +7762,17 @@ msgstr "" + "emphasis> esta opción no tiene efecto." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Por defecto: no especificado" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7763,7 +7781,7 @@ msgstr "" + "usada para filtrar las reglas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7772,12 +7790,12 @@ msgstr "" + "automáticamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "sudo_include_netgroups (booleano)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7786,12 +7804,12 @@ msgstr "" + "atributo sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (booleano)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7800,7 +7818,7 @@ msgstr "" + "atributo sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" +@@ -7809,7 +7827,7 @@ msgstr "" + "del servidor LDAP!" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7822,12 +7840,12 @@ msgstr "" + "manvolnum> </citerefentry>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "OPCIONES AUTOFS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." +@@ -7836,47 +7854,47 @@ msgstr "" + "esquema LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "El nombre del mapa maestro de montaje automático en LDAP." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Pfredeterminado: auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "OPCIONES AVANZADAS" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7889,22 +7907,22 @@ msgstr "" + "función, si los nombres de grupo no están siendo visualizados correctamente." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7917,14 +7935,14 @@ msgstr "" + "<placeholder type=\"variablelist\" id=\"1\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EJEMPLO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7935,7 +7953,7 @@ msgstr "" + "replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7955,20 +7973,20 @@ msgstr "" + "cache_credentials = true\n" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "EJEMPLO DE FILTRO DE ACCESO LDAP" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." +@@ -7977,7 +7995,7 @@ msgstr "" + "ldap_access_order=lockout." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -8003,13 +8021,13 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTAS" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -9937,7 +9955,7 @@ msgstr "" + "este host. El nombre de host debe ser totalmente cualificado." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (booleano)" + +@@ -9957,7 +9975,7 @@ msgstr "" + "otra manera utilizando la opción <quote>dyndns_iface</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -9978,12 +9996,12 @@ msgstr "" + "usar <emphasis>dyndns_update</emphasis> en su fichero de configuración." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (entero)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -10010,12 +10028,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Por defecto: 1200 (segundos)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -10046,17 +10064,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -10064,7 +10082,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -10091,7 +10109,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -10104,12 +10122,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -10128,60 +10146,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. 
In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -10306,26 +10324,26 @@ msgstr "" + "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -11800,9 +11818,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (booleano)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. 
If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -11812,19 +11848,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -11834,12 +11870,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Predeterminado: True" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -11850,7 +11886,7 @@ msgstr "" + "Este ejemplo muestra sólo las opciones específicas del proveedor AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -11874,7 +11910,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -11886,7 +11922,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -11897,7 +11933,7 @@ msgstr "" + "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -11907,7 +11943,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -12480,16 +12516,10 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +-#| "client applications will not use the fast in-memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"AVISO: Si la variable de entorno SSS_NSS_USE_MEMCACHE estça fijada a \"NO\", " +-"las aplicaciones clientes no usaran la memoria cache rápida." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -13630,21 +13660,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for " +-#| "more information on the locator plugin." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"Vea la página de manual <citerefentry> " +-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +-"manvolnum> </citerefentry> para más información sobre el complemento " +-"localizador." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -16323,26 +16344,12 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the AD provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"Esta página de manual describe la configuración del proveedor AD para " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección " +-"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -16371,10 +16378,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (entero)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -16388,10 +16393,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id, max_id (entero)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -16402,17 +16405,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Predeterminado: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (entero)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -16423,10 +16422,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Predeterminado: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -16627,17 +16624,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "auth sufficient pam_sss.so allow_missing_name\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"auth sufficient pam_sss.so allow_missing_name\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +@@ -16906,10 +16898,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (cadena)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -16928,28 +16918,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "Proveedor SSSD LDAP" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -16957,11 +16935,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"Esta página de manual describe la configuración de dominios LDAP para " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Vea la sección <quote>FILE FORMAT</quote> de la página de " +-"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-"manvolnum> </citerefentry> para información detallada de la sintáxis." + + #. 
type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -17850,10 +17823,8 @@ msgstr "ldap_group_modify_timestamp (cadena)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (cadena)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -18083,10 +18054,8 @@ msgstr "Atributo LDAP que contiene las UUID/GUID de un objeto host LDAP." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "SECCIONES DE SERVICIOS" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -18334,10 +18303,8 @@ msgstr "Por defecto: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "OPCIONES AUTOFS" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -18649,10 +18616,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (entero)" ++msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -19779,27 +19744,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "" +-#~ "The background refresh will process users, groups and netgroups in the " +-#~ "cache." +-#~ msgstr "" +-#~ "El refresco en segundo plano procesará usuarios grupos y grupos de red en " +-#~ "la caché." +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Predeterminado: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (entero)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +diff --git a/src/man/po/eu.po b/src/man/po/eu.po +index 60d333c05..a122f6ce6 100644 +--- a/src/man/po/eu.po ++++ b/src/man/po/eu.po +@@ -5,9 +5,9 @@ + # Translators: + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-14 11:55+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" +@@ -294,9 +294,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -316,16 +316,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -354,7 +354,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -652,8 +652,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -1733,7 +1733,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1797,7 +1797,7 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1862,8 +1862,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5032,34 +5032,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5067,14 +5086,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5082,17 +5101,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5102,12 +5121,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5115,17 +5134,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5133,7 +5165,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5144,7 +5176,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5153,7 +5185,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5161,26 +5193,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5188,7 +5220,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5196,7 +5228,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5204,41 +5236,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5247,32 +5279,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5280,24 +5312,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5305,17 +5337,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5326,24 +5358,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5354,12 +5386,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5372,7 +5404,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5384,17 +5416,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5402,49 +5434,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5452,28 +5484,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5485,7 +5517,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5493,7 +5525,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5501,39 +5533,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5543,7 +5575,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5551,26 +5583,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5578,7 +5610,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5586,31 +5618,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5619,56 +5651,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5684,12 +5716,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5698,14 +5730,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5714,24 +5746,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. 
the LDAP server should deny the bind request with a suitable error code " +@@ -5739,19 +5771,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5760,7 +5792,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5768,7 +5800,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5777,7 +5809,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5785,22 +5817,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5810,14 +5842,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5830,12 +5862,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5845,7 +5877,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5855,63 +5887,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5920,74 +5952,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -5998,7 +6030,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6006,24 +6038,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6040,12 +6072,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6053,36 +6085,36 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6090,14 +6122,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6107,101 +6139,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6210,59 +6242,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6271,22 +6303,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6295,14 +6327,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6310,7 +6342,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6323,27 +6355,27 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6359,13 +6391,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7895,7 +7927,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7910,7 +7942,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7925,12 +7957,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7951,12 +7983,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7980,17 +8012,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -7998,7 +8030,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8025,7 +8057,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8038,12 +8070,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. 
Applicable only when dyndns_update is true." +@@ -8062,60 +8094,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8229,26 +8261,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9688,9 +9720,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9700,19 +9748,19 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9722,12 +9770,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9735,7 +9783,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9750,7 +9798,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9759,7 +9807,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9767,7 +9815,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9777,7 +9825,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +diff --git a/src/man/po/fi.po b/src/man/po/fi.po +index 34eec244a..3522376ce 100644 +--- a/src/man/po/fi.po ++++ b/src/man/po/fi.po +@@ -1,9 +1,9 @@ + # Toni Rantala <trantalafilo@gmail.com>, 2017. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2017-03-24 08:46+0000\n" + "Last-Translator: Toni Rantala <trantalafilo@gmail.com>\n" + "Language-Team: Finnish\n" +@@ -289,9 +289,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Oletus:tosi" +@@ -311,16 +311,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Oletus:epätosi" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -349,7 +349,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -647,8 +647,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -757,10 +757,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: false" + msgid "Default: sha256" +-msgstr "Oletus:epätosi" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1730,7 +1728,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1794,7 +1792,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1859,8 +1857,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -2196,10 +2194,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Oletus: ei asetettu(välilyöntejä ei korvata)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5033,34 +5029,53 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5068,14 +5083,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5083,17 +5098,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5103,12 +5118,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5116,17 +5131,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5134,7 +5162,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5145,7 +5173,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5154,7 +5182,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5162,26 +5190,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5189,7 +5217,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5197,7 +5225,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5205,41 +5233,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5248,32 +5276,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5281,24 +5309,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5306,17 +5334,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5327,24 +5355,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5355,12 +5383,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5373,7 +5401,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5385,17 +5413,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5403,49 +5431,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5453,28 +5481,28 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5486,7 +5514,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5494,7 +5522,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5502,39 +5530,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5544,7 +5572,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5552,26 +5580,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5579,7 +5607,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5587,31 +5615,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5620,56 +5648,56 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5685,12 +5713,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5699,14 +5727,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5715,24 +5743,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5740,19 +5768,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5761,7 +5789,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5769,7 +5797,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5778,7 +5806,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5786,22 +5814,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5811,14 +5839,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5831,12 +5859,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5846,7 +5874,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5856,63 +5884,63 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5921,74 +5949,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -5999,7 +6027,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6007,24 +6035,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6041,12 +6069,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6054,36 +6082,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6091,14 +6119,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6108,101 +6136,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." 
+ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6211,59 +6239,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6272,22 +6300,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6296,14 +6324,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6311,7 +6339,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6324,27 +6352,27 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6360,13 +6388,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7896,7 +7924,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7911,7 +7939,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7926,12 +7954,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7952,12 +7980,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7981,17 +8009,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -7999,7 +8027,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8026,7 +8054,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8039,12 +8067,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. 
Applicable only when dyndns_update is true." +@@ -8063,60 +8091,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8230,26 +8258,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9689,9 +9717,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "debug_timestamps (bool)" ++msgid "ad_use_ldaps (bool)" ++msgstr "debug_timestamps (bool)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9701,19 +9747,19 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9723,12 +9769,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9736,7 +9782,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9751,7 +9797,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9760,7 +9806,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9768,7 +9814,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9778,7 +9824,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13870,10 +13916,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13887,10 +13931,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "enum_cache_timeout (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -13901,17 +13943,13 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: true" + msgid "Default: 64" +-msgstr "Oletus:tosi" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccache_size (integer)" +-msgstr "enum_cache_timeout (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -13922,10 +13960,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: true" + msgid "Default: 65536" +-msgstr "Oletus:tosi" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +diff --git a/src/man/po/fr.po b/src/man/po/fr.po +index adea5d1a6..aa86c5c23 100644 +--- a/src/man/po/fr.po ++++ b/src/man/po/fr.po +@@ -14,9 +14,9 @@ + # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2016-03-19 03:04+0000\n" + "Last-Translator: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>\n" + "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" +@@ -338,9 +338,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Par défaut : true" +@@ -363,16 +363,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Par défaut : false" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -401,7 +401,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Par défaut : 10" + +@@ -599,10 +599,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (booléen)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -618,21 +616,11 @@ msgstr "try_inotify (booléen)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." 
+ msgstr "" +-"SSSD gère l'état de resolv.conf pour identifier les besoins de mise à jour " +-"des résolutions DNS internes. Par défaut, l'utilisation de inotify sera " +-"tentée, et reviendra à une interrogation de resolv.conf toutes les cinq " +-"secondes si inotify échoue." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -742,13 +730,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. " +@@ -759,16 +740,10 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Noter que, si cette option est définie, tous les utilisateurs du domaine " +-"principal doivent utiliser leur nom pleinement qualifié, par exemple " +-"user@domain.name, pour se connecter. L'utilisation de cette option modifie " +-"la valeur par défaut de use_fully_qualified_names à True. Il n'est pas " +-"possible ni autorisé d'utiliser cette option avec l'option " +-"use_fully_qualified_names à False." + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -883,10 +858,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Par défaut : 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1969,7 +1942,7 @@ msgstr "" + "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Par défaut : 0" + +@@ -2038,7 +2011,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Par défaut : aucun" + +@@ -2103,8 +2076,8 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Par défaut : False" +@@ -2434,10 +2407,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (chaîne)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2458,10 +2429,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5687,17 +5656,38 @@ msgstr "" + "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Par défaut : 900 (15 minutes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (entier)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (entier)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -5706,17 +5696,17 @@ msgstr "" + "Certains serveurs LDAP imposent une limite maximale par requête." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Par défaut : 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5728,7 +5718,7 @@ msgstr "" + "correctement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -5738,7 +5728,7 @@ msgstr "" + "sera impossible de l'utiliser." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5749,17 +5739,17 @@ msgstr "" + "cela peut entraîner l'échec de certaines demandes." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Désactiver la récupération de plage Active Directory." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5775,12 +5765,12 @@ msgstr "" + "apparaissant ainsi sans aucun membre." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5791,19 +5781,42 @@ msgstr "" + "de cette option sont définies par OpenLDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié " + "par ldap.conf)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (integer)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. 
The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Lors de la communication avec un serveur LDAP en utilisant SASL, spécifie le " ++"niveau de sécurité minimal nécessaire pour établir la connexion. Les valeurs " ++"de cette option sont définies par OpenLDAP." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (entier)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5814,7 +5827,7 @@ msgstr "" + "membres manquants est inférieur, ils sont recherchés individuellement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5825,7 +5838,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5838,7 +5851,7 @@ msgstr "" + "acceptés sont 389/RHDS, OpenLDAP et Active Directory." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5849,12 +5862,12 @@ msgstr "" + "déréférencement est désactivée indépendamment de ce paramètre." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -5863,7 +5876,7 @@ msgstr "" + "session TLS, si elle existe. Une des valeurs suivantes est utilisable :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5872,7 +5885,7 @@ msgstr "" + "quelconque certificat du serveur." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5883,7 +5896,7 @@ msgstr "" + "certificat est fourni, il est ignoré et la session continue normalement." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5894,7 +5907,7 @@ msgstr "" + "certificat est fourni, la session se termine immédiatement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5905,22 +5918,22 @@ msgstr "" + "immédiatement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Par défaut : hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -5929,7 +5942,7 @@ msgstr "" + "certification que <command>sssd</command> reconnaîtra." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -5938,12 +5951,12 @@ msgstr "" + "<filename>/etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5957,32 +5970,32 @@ msgstr "" + "corrects." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "Définit le fichier qui contient le certificat pour la clef du client." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." 
+ msgstr "Définit le fichier qui contient la clef du client." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5990,12 +6003,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -6005,12 +6018,12 @@ msgstr "" + "canal." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -6022,19 +6035,19 @@ msgstr "" + "ldap_group_gid_number." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "Cette fonctionnalité ne prend actuellement en charge que la correspondance " + "par objectSID avec Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6054,24 +6067,24 @@ msgstr "" + "identifiants." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "Par défaut : non indiqué (les deux options sont à 0)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6082,12 +6095,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6100,7 +6113,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6112,17 +6125,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Par défaut : host/hostname@REALM" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. 
If the ldap_sasl_authid contains the realm as " +@@ -6133,17 +6146,17 @@ msgstr "" + "domaine, cette option est ignorée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Par défaut : la valeur de krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6152,34 +6165,34 @@ msgstr "" + "le nom de l'hôte au cours d'une liaison SASL." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Défaut : false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5." 
+ "keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6187,28 +6200,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (entier)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Par défaut : 86400 (24 heures)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (string)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6228,7 +6241,7 @@ msgstr "" + "<quote>DÉCOUVERTE DE SERVICES</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6239,7 +6252,7 @@ msgstr "" + "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6251,29 +6264,29 @@ msgstr "" + "l'utilisation de <quote>krb5_server</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</" + "filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6283,12 +6296,12 @@ msgstr "" + "Kerberos > = 1.7" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -6303,7 +6316,7 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -6315,12 +6328,12 @@ msgstr "" + "localisation." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -6329,7 +6342,7 @@ msgstr "" + "valeurs suivantes sont acceptées :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -6338,7 +6351,7 @@ msgstr "" + "peut pas désactiver la politique sur les mots de passe du côté serveur." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -6349,7 +6362,7 @@ msgstr "" + "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -6361,7 +6374,7 @@ msgstr "" + "est changé." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -6370,17 +6383,17 @@ msgstr "" + "côté serveur, elle prend le pas sur la politique indiquée avec cette option." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "Définit si le déréférencement automatique doit être activé." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6389,7 +6402,7 @@ msgstr "" + "compilé avec OpenLDAP version 2.4.13 ou supérieur." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6403,29 +6416,29 @@ msgstr "" + "permettre d'améliorer de façon notable les performances." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Définit le nom de service à utiliser quand la découverte de services est " + "activée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Par défaut : ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6434,19 +6447,19 @@ msgstr "" + "un changement de mot de passe quand la découverte de services est activée." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + "Par défaut : non défini, c'est-à-dire que le service de découverte est " + "désactivé." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (bool)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -6456,12 +6469,12 @@ msgstr "" + "de passe." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -6477,12 +6490,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Exemple :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -6494,7 +6507,7 @@ msgstr "" + " " + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -6503,7 +6516,7 @@ msgstr "" + "dont l'attribut employeeType est « admin »." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -6512,17 +6525,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Par défaut : vide" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -6531,7 +6544,7 @@ msgstr "" + "être activée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -6543,12 +6556,12 @@ msgstr "" + "correct." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Les valeurs suivantes sont autorisées :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -6557,7 +6570,7 @@ msgstr "" + "pour déterminer si le compte a expiré." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -6570,7 +6583,7 @@ msgstr "" + "d'expiration du compte est aussi vérifiée." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -6581,7 +6594,7 @@ msgstr "" + "l'accès est autorisé ou non." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -6594,7 +6607,7 @@ msgstr "" + "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -6605,24 +6618,24 @@ msgstr "" + "ldap_account_expire_policy de fonctionner." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Liste séparées par des virgules des options de contrôles d'accès. Les " + "valeurs autorisées sont :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6632,14 +6645,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6652,12 +6665,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -6667,7 +6680,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -6677,20 +6690,20 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." 
+ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -6699,32 +6712,32 @@ msgstr "" + "authorizedService pour déterminer l'accès" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Par défaut : filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -6733,12 +6746,12 @@ msgstr "" + "de configuration." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -6747,22 +6760,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (chaînes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -6771,12 +6784,12 @@ msgstr "" + "recherche. Les options suivantes sont autorisées :" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés." 
+ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -6786,7 +6799,7 @@ msgstr "" + "recherche." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -6795,7 +6808,7 @@ msgstr "" + "la localisation de l'objet de base de la recherche." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -6804,7 +6817,7 @@ msgstr "" + "recherche et et la localisation de l'objet de base de la recherche." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -6813,12 +6826,12 @@ msgstr "" + "bibliothèques clientes LDAP)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (booléen)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -6827,7 +6840,7 @@ msgstr "" + "LDAP pour les serveurs qui utilisent le schéma RFC2307." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6845,7 +6858,7 @@ msgstr "" + "initgoups()." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6856,36 +6869,29 @@ msgstr "" + "ajoutent les utilisateurs locaux aux groupes LDAP." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -6895,19 +6901,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Toutes les options de configuration communes appliquées aux domaines SSSD " +-"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE " +-"DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de " +-"détails. <placeholder type=\"variablelist\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "OPTIONS DE SUDO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6915,12 +6916,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -6930,7 +6931,7 @@ msgstr "" + "règles qui sont stockées sur le serveur)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -6939,17 +6940,17 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Par défaut : 21600 (6 heures)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6957,7 +6958,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -6966,7 +6967,7 @@ msgstr "" + "modifyTimestamp est utilisé à la place." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6976,12 +6977,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -6991,12 +6992,12 @@ msgstr "" + "noms de systèmes)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -7005,7 +7006,7 @@ msgstr "" + "doivent être utilisés pour filtrer les règles." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -7014,8 +7015,8 @@ msgstr "" + "nom de système et le nom de domaine pleinement qualifié." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -7024,17 +7025,17 @@ msgstr "" + "emphasis>, alors cette option n'a aucun effet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Par défaut : non spécifié" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7043,7 +7044,7 @@ msgstr "" + "IPv6 qui doivent être utilisés pour filtrer les règles." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7052,12 +7053,12 @@ msgstr "" + "automatiquement." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7066,12 +7067,12 @@ msgstr "" + "netgroup dans l'attribut sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7080,14 +7081,14 @@ msgstr "" + "un joker dans l'attribut sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. 
For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7100,59 +7101,59 @@ msgstr "" + "manvolnum></citerefentry>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "OPTIONS AUTOFS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "Le nom de la table de montage automatique maîtresse dans LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Par défaut : auto.master" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "OPTIONS AVANCÉES" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (chaînes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (chaînes)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (chaînes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7161,22 +7162,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7185,14 +7186,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EXEMPLE" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7203,7 +7204,7 @@ msgstr "" + "replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7223,27 +7224,27 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." 
+ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7269,13 +7270,13 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTES" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -8912,7 +8913,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (booléen)" + +@@ -8927,7 +8928,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -8949,12 +8950,12 @@ msgstr "" + "configuration." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (entier)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8981,12 +8982,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Par défaut : 1200 (secondes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -9014,17 +9015,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -9032,7 +9033,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -9067,7 +9068,7 @@ msgstr "" + "seront utilisés comme serveurs de repli" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (entier)" + +@@ -9084,12 +9085,12 @@ msgstr "" + "configurée à true." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -9114,12 +9115,12 @@ msgid "Default: False (disabled)" + msgstr "Par défaut : False (désactivé)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (booléen)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -9128,48 +9129,48 @@ msgstr "" + "communication avec le serveur DNS." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "Par défaut : False (laisser nsupdate choisir le protocole)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -9295,26 +9296,26 @@ msgstr "" + "convertit en DN de base pour effectuer les opérations LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "krb5_confd_path (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -10807,9 +10808,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (booléen)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -10826,19 +10845,19 @@ msgstr "" + "<quote>dyndns_iface</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Par défaut : 3600 (secondes)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -10848,12 +10867,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Par défaut : True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -10864,7 +10883,7 @@ msgstr "" + "exemples montrent seulement les options spécifiques au fournisseur AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -10888,7 +10907,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -10900,7 +10919,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -10911,7 +10930,7 @@ msgstr "" + "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -10921,7 +10940,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -11500,17 +11519,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +-#| "debug messages will be sent to stderr." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur " +-"quelconque, des messages de débogage seront envoyés sur la sortie standard " +-"d'erreur." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -12698,21 +12710,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for " +-#| "more information on the locator plugin." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." 
+ msgstr "" +-"Consulter la page de manuel de <citerefentry> " +-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +-"manvolnum> </citerefentry> pour plus d'informations sur le greffon de " +-"localisation." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -15443,26 +15446,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the AD provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"Cette page de manuel décrit la configuration du fournisseur AD pour " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section " +-"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -15491,10 +15480,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (entier)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -15508,10 +15495,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id,max_id (entier)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -15522,17 +15507,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Par défaut : 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (entier)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -15543,10 +15524,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Par défaut : 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15747,17 +15726,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "user_attributes = +telephoneNumber, -loginShell\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"user_attributes = +telephoneNumber, -loginShell\n" +-" " + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +@@ -16026,10 +16000,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (chaînes)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -16048,28 +16020,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "Fournisseur LDAP SSSD" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -16077,11 +16037,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." 
+ msgstr "" +-"Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> " +-"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +-"citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel " +-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-"manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -16950,10 +16905,8 @@ msgstr "ldap_group_modify_timestamp (chaîne)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (chaîne)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -17178,10 +17131,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "SECTIONS DE SERVICES" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -17429,10 +17380,8 @@ msgstr "Par défaut : sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "OPTIONS AUTOFS" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -17734,10 +17683,8 @@ msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (entier)" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -18898,20 +18845,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Par défaut : homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (entier)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +diff --git a/src/man/po/ja.po b/src/man/po/ja.po +index 5231f970b..85dd3f49c 100644 +--- a/src/man/po/ja.po ++++ b/src/man/po/ja.po +@@ -9,9 +9,9 @@ + # Keiko Moriguchi <kemorigu@redhat.com>, 2019. 
#zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2019-05-28 11:45+0000\n" + "Last-Translator: Keiko Moriguchi <kemorigu@redhat.com>\n" + "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/" +@@ -322,9 +322,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "初期値: true" +@@ -344,16 +344,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "初期値: false" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -382,7 +382,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "初期値: 10" + +@@ -566,10 +566,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (論理値)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -585,21 +583,11 @@ msgstr "try_inotify (論理値)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." 
+ msgstr "" +-"SSSD は、内部 DNS リゾルバーを更新する必要となるときを認識するために、resolv." +-"conf の状態を監視します。初期状態では、このために inotify を使用しようとしま" +-"す。inotify が使用できない場合 5 秒ごとに resolv.conf をポーリングするよう" +-"フォールバックします。" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -714,8 +702,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -824,10 +812,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "初期値: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1864,7 +1850,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "初期値: 0" + +@@ -1928,7 +1914,7 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "初期値: none" + +@@ -1993,8 +1979,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "初期値: 偽" +@@ -2335,10 +2321,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set, i.e. FAST is not used." + msgid "Default: not set, all found rules are used" +-msgstr "初期値: 設定されません、つまり FAST が使用されません。" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -5378,17 +5362,38 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "初期値: 900 (15 分)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (整数)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -5397,17 +5402,17 @@ msgstr "" + "バーは 1 要求あたりの最大数の制限を強制します。" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "初期値: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5418,7 +5423,7 @@ msgstr "" + "ことを報告する場合に、このオプションが使用されます。" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -5428,7 +5433,7 @@ msgstr "" + "す。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5439,17 +5444,17 @@ msgstr "" + "があります。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Active Directory の範囲の取得を無効化します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5459,12 +5464,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (整数)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5472,17 +5477,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (整数)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5490,7 +5510,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5501,7 +5521,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5510,7 +5530,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5518,12 +5538,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -5532,7 +5552,7 @@ msgstr "" + "クするものを指定します。以下の値のうち 1 つを指定できます:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." 
+@@ -5541,7 +5561,7 @@ msgstr "" + "確認しません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5552,7 +5572,7 @@ msgstr "" + "無視され、セッションが通常通り進められます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5563,7 +5583,7 @@ msgstr "" + "ンが直ちに終了します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5573,22 +5593,22 @@ msgstr "" + "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "初期値: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (文字列)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -5598,7 +5618,7 @@ msgstr "" + "書を含むファイルを指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -5607,12 +5627,12 @@ msgstr "" + "filename> にあります" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5625,32 +5645,32 @@ msgstr "" + "ます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "クライアントのキーに対する証明書を含むファイルを指定します。" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "クライアントのキーを含むファイルを指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5658,12 +5678,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -5672,12 +5692,12 @@ msgstr "" + "用する必要がある id_provider 接続を指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (論理値)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5685,18 +5705,18 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5707,24 +5727,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5735,12 +5755,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5753,7 +5773,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5765,17 +5785,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "初期値: host/hostname@REALM" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. 
If the ldap_sasl_authid contains the realm as " +@@ -5783,17 +5803,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "初期値: krb5_realm の値" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -5802,33 +5822,33 @@ msgstr "" + "するために逆引きを実行します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "初期値: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5836,28 +5856,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "初期値: 86400 (24 時間)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. 
" +@@ -5869,7 +5889,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5880,7 +5900,7 @@ msgstr "" + "ば _tcp にフォールバックします。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5891,27 +5911,27 @@ msgstr "" + "quote> を使用するよう設定ファイルを移行することが推奨されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -5920,12 +5940,12 @@ msgstr "" + "します。この機能は MIT Kerberos >= 1.7 で利用可能です。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5935,7 +5955,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5946,12 +5966,12 @@ msgstr "" + "manvolnum> </citerefentry> マニュアルページを参照ください。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (文字列)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -5960,7 +5980,7 @@ msgstr "" + "す。以下の値が許容されます:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -5969,7 +5989,7 @@ msgstr "" + "ンはサーバー側のパスワードポリシーを無効にできません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5980,7 +6000,7 @@ msgstr "" + "manvolnum></citerefentry> 形式の属性を使用します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5991,24 +6011,24 @@ msgstr "" + "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "自動参照追跡が有効化されるかを指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6017,7 +6037,7 @@ msgstr "" + "sssd のみが参照追跡をサポートすることに注意してください。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6026,28 +6046,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "サービス検索が有効にされているときに使用するサービスの名前を指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "初期値: ldap" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6056,29 +6076,29 @@ msgstr "" + "を検索するために使用するサービスの名前を指定します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. 
It specifies an LDAP search filter criteria that " +@@ -6094,12 +6114,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "例:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -6108,14 +6128,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -6124,17 +6144,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "初期値: 空白" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." 
+@@ -6143,7 +6163,7 @@ msgstr "" + "ます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -6154,12 +6174,12 @@ msgstr "" + "否します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "以下の値が許可されます:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -6168,7 +6188,7 @@ msgstr "" + "ldap_user_shadow_expire の値を使用します。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -6177,7 +6197,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -6188,7 +6208,7 @@ msgstr "" + "ldap_ns_account_lock の値を使用します。" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -6201,7 +6221,7 @@ msgstr "" + "クセスが許可されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -6209,23 +6229,23 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6235,14 +6255,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -6255,12 +6275,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -6270,7 +6290,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -6280,20 +6300,20 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -6302,44 +6322,44 @@ msgstr "" + "authorizedService 属性を使用します" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "初期値: filter" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "値が複数使用されていると設定エラーになることに注意してください。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -6348,22 +6368,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -6372,12 +6392,12 @@ msgstr "" + "ションが許容されます:" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -6386,7 +6406,7 @@ msgstr "" + "決されますが、検索のベースオブジェクトの位置を探すときはされません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -6395,7 +6415,7 @@ msgstr "" + "すときのみ参照解決されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -6404,7 +6424,7 @@ msgstr "" + "きも位置を検索するときも参照解決されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -6413,19 +6433,19 @@ msgstr "" + "して取り扱われます)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (論理値)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6436,7 +6456,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6444,36 +6464,29 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -6483,19 +6496,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま" +-"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ" +-"クション</quote> を参照してください。 <placeholder type=\"variablelist\" id=" +-"\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "SUDO オプション" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6503,19 +6511,19 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -6524,17 +6532,17 @@ msgstr "" + "ります" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "初期値: 21600 (6 時間)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6542,14 +6550,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6559,24 +6567,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -6585,15 +6593,15 @@ msgstr "" + "区切り一覧です。" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -6602,17 +6610,17 @@ msgstr "" + "ならば、このオプションは効果を持ちません。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "初期値: 指定なし" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -6621,7 +6629,7 @@ msgstr "" + "アドレスの空白区切り一覧です。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -6629,38 +6637,38 @@ msgstr "" + "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6672,59 +6680,59 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "AUTOFS オプション" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "高度なオプション" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6733,22 +6741,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6757,14 +6765,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "例" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6775,7 +6783,7 @@ msgstr "" + "す。" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6788,27 +6796,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6824,13 +6832,13 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "注記" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -8432,7 +8440,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (論理値)" + +@@ -8447,7 +8455,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -8465,12 +8473,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (整数)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. 
This will override the TTL " +@@ -8491,12 +8499,12 @@ msgid "Default: 1200 (seconds)" + msgstr "初期値: 1200 (秒)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8520,17 +8528,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8538,7 +8546,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8565,7 +8573,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (整数)" + +@@ -8578,12 +8586,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8602,12 +8610,12 @@ msgid "Default: False (disabled)" + msgstr "初期値: False (無効)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (論理値)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -8616,48 +8624,48 @@ msgstr "" + "どうか。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8781,26 +8789,26 @@ msgstr "" + "めに使用するベース DN に変換されます。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -10256,9 +10264,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (論理値)" ++ + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -10268,19 +10294,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "初期値: 3600 (秒)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -10290,12 +10316,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "初期値: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -10306,7 +10332,7 @@ msgstr "" + "AD プロバイダー固有のオプションのみ示してします。" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -10330,7 +10356,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -10342,7 +10368,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -10350,7 +10376,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -10360,7 +10386,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) 
is used, because these attributes " +@@ -10874,16 +10900,10 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +-#| "debug messages will be sent to stderr." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ" +-"セージが標準エラーに送られます。" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -12030,20 +12050,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for " +-#| "more information on the locator plugin." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"位置情報プラグインの詳細は <citerefentry> " +-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +-"manvolnum> </citerefentry> マニュアルページを参照ください。" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -14711,25 +14723,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of the IPA provider for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. 
For a detailed syntax reference, refer to " +-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#| "citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " +-"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説" +-"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー" +-"ジの <quote>ファイル形式</quote> を参照してください。" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -14758,10 +14757,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (整数)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -14775,10 +14772,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id,max_id (整数)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -14789,17 +14784,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "初期値: 6" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (整数)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -14810,10 +14801,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "初期値: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15288,10 +15277,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (文字列)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -15310,10 +15297,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +@@ -15322,14 +15307,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. 
Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -15337,11 +15314,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " +-"<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して" +-"います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</" +-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの " +-"<quote>ファイル形式</quote> セクションを参照してください。" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -16172,10 +16144,8 @@ msgstr "ldap_group_modify_timestamp (文字列)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (文字列)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -16393,10 +16363,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "サービスセクション" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -16637,10 +16605,8 @@ msgstr "初期値: sudoOrder" + + #. 
type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "AUTOFS オプション" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -16906,10 +16872,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (整数)" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -17965,6 +17929,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "初期値: homeDirectory" +diff --git a/src/man/po/lv.po b/src/man/po/lv.po +index bd30342f9..fe1fe881a 100644 +--- a/src/man/po/lv.po ++++ b/src/man/po/lv.po +@@ -7,9 +7,9 @@ + # Kristaps, 2012 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:00+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/" +@@ -297,9 +297,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -319,16 +319,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -357,7 +357,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Noklusējuma: 10" + +@@ -655,8 +655,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -765,10 +765,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: sha256" +-msgstr "Noklusējuma: 6" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1738,7 +1736,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1802,7 +1800,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1867,8 +1865,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5037,34 +5035,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5072,14 +5089,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5087,17 +5104,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5107,12 +5124,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5120,17 +5137,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5138,7 +5168,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. 
" + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5149,7 +5179,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5158,7 +5188,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5166,26 +5196,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. 
If a bad certificate " +@@ -5193,7 +5223,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5201,7 +5231,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5209,41 +5239,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5252,32 +5282,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5285,24 +5315,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5310,17 +5340,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5331,24 +5361,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5359,12 +5389,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5377,7 +5407,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5389,17 +5419,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5407,49 +5437,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5457,28 +5487,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Noklusējuma: 86400 (24 stundas)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5490,7 +5520,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5498,7 +5528,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5506,39 +5536,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5548,7 +5578,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5556,26 +5586,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5583,7 +5613,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5591,31 +5621,31 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5624,56 +5654,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Noklusējuma: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. 
It specifies an LDAP search filter criteria that " +@@ -5689,12 +5719,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Piemērs:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5703,14 +5733,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5719,24 +5749,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5744,19 +5774,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Atļautas šādas vērtības:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5765,7 +5795,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5773,7 +5803,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5782,7 +5812,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5790,22 +5820,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5815,14 +5845,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5835,12 +5865,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5850,7 +5880,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5860,63 +5890,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Noklusējuma: filtrēt" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5925,74 +5955,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6003,7 +6033,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6011,24 +6041,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6045,12 +6075,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6058,36 +6088,36 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6095,14 +6125,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6112,101 +6142,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6215,59 +6245,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "PAPLAŠINĀTĀS IESPĒJAS" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6276,22 +6306,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6300,14 +6330,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "PIEMĒRS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6315,7 +6345,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6328,27 +6358,27 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6364,13 +6394,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "PIEZĪMES" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7900,7 +7930,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7915,7 +7945,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7930,12 +7960,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7956,12 +7986,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7985,17 +8015,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8003,7 +8033,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8030,7 +8060,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8043,12 +8073,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. 
Applicable only when dyndns_update is true." +@@ -8067,60 +8097,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8234,26 +8264,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9693,9 +9723,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9705,19 +9751,19 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9727,12 +9773,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9740,7 +9786,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9755,7 +9801,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9764,7 +9810,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9772,7 +9818,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9782,7 +9828,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13874,10 +13920,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "noildze (vesels skaitlis)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13903,10 +13947,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Noklusējuma: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13922,10 +13964,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Noklusējuma: 6" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -14420,10 +14460,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +diff --git a/src/man/po/nl.po b/src/man/po/nl.po +index e05315677..640b8933d 100644 +--- a/src/man/po/nl.po ++++ b/src/man/po/nl.po +@@ -6,9 +6,9 @@ + # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:02+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" +@@ -320,9 +320,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Standaard: true" +@@ -342,16 +342,16 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -380,7 +380,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -559,10 +559,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "try_inotify (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "try_inotify (bool)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -578,21 +576,11 @@ msgstr "try_inotify (bool)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne " +-"DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om " +-"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden " +-"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -704,8 +692,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -814,10 +802,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 120" + msgid "Default: sha256" +-msgstr "Standaard: 120" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1791,7 +1777,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Standaard: 0" + +@@ -1855,7 +1841,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1920,8 +1906,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5093,34 +5079,55 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "reconnection_retries (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "reconnection_retries (numeriek)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5128,14 +5135,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5143,17 +5150,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5163,12 +5170,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5176,17 +5183,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5194,7 +5214,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5205,7 +5225,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5214,7 +5234,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5222,26 +5242,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5249,7 +5269,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5257,7 +5277,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5265,41 +5285,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5308,32 +5328,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5341,24 +5361,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5366,17 +5386,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5387,24 +5407,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5415,12 +5435,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5433,7 +5453,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5445,17 +5465,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5463,49 +5483,49 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5513,28 +5533,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5546,7 +5566,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5554,7 +5574,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5562,39 +5582,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5604,7 +5624,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5612,26 +5632,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5639,7 +5659,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5647,31 +5667,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5680,56 +5700,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5745,12 +5765,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5759,14 +5779,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5775,24 +5795,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5800,19 +5820,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5821,7 +5841,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5829,7 +5849,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5838,7 +5858,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5846,22 +5866,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5871,14 +5891,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5891,12 +5911,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5906,7 +5926,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5916,63 +5936,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5981,74 +6001,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6059,7 +6079,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6067,24 +6087,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6101,12 +6121,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6114,36 +6134,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6151,14 +6171,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6168,101 +6188,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6271,59 +6291,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6332,22 +6352,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6356,14 +6376,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6371,7 +6391,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6384,27 +6404,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6420,13 +6440,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7956,7 +7976,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7971,7 +7991,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7986,12 +8006,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8012,12 +8032,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8041,17 +8061,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8059,7 +8079,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8086,7 +8106,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8099,12 +8119,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8123,60 +8143,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8290,26 +8310,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9749,9 +9769,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "debug_timestamps (bool)" ++msgid "ad_use_ldaps (bool)" ++msgstr "debug_timestamps (bool)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9761,19 +9799,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9783,12 +9821,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9796,7 +9834,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9811,7 +9849,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9820,7 +9858,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9828,7 +9866,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. 
Please " +@@ -9838,7 +9876,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13930,10 +13968,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccaches (integer)" +-msgstr "enum_cache_timeout (numeriek)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13947,10 +13983,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "enum_cache_timeout (numeriek)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -13961,17 +13995,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 64" +-msgstr "Standaard: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "enum_cache_timeout (integer)" + msgid "max_ccache_size (integer)" +-msgstr "enum_cache_timeout (numeriek)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -13982,10 +14012,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 65536" +-msgstr "Standaard: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15488,10 +15516,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "SERVICES SECTIE" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +diff --git a/src/man/po/pt.po b/src/man/po/pt.po +index a7796f3b9..f4e972337 100644 +--- a/src/man/po/pt.po ++++ b/src/man/po/pt.po +@@ -6,9 +6,9 @@ + # Miguel Sousa <migueljorgesousa@sapo.pt>, 2011 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:05+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" +@@ -315,9 +315,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -337,16 +337,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Padrão: false" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -375,7 +375,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Padrão: 10" + +@@ -554,10 +554,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "try_inotify (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "try_inotify (boolean)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -679,8 +677,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -789,10 +787,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: sha256" +-msgstr "Padrão: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1762,7 +1758,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1826,7 +1822,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Padrão: none" + +@@ -1891,8 +1887,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5089,34 +5085,55 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "reconnection_retries (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "reconnection_retries (integer)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Padrão: 1000" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5124,14 +5141,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5139,17 +5156,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5159,12 +5176,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5172,17 +5189,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_page_size (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_page_size (integer)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5190,7 +5222,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5201,7 +5233,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5210,7 +5242,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5218,19 +5250,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. 
It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -5239,7 +5271,7 @@ msgstr "" + "qualquer certificado de servidor." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5247,7 +5279,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5255,7 +5287,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5263,41 +5295,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Padrão: hard" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5306,32 +5338,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5339,24 +5371,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5364,17 +5396,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5385,24 +5417,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5413,12 +5445,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5431,7 +5463,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5443,17 +5475,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5461,50 +5493,50 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Padrão: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5512,28 +5544,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (integer)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Padrão: 86400 (24 horas)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5545,7 +5577,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5553,7 +5585,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5561,39 +5593,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5603,7 +5635,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5611,26 +5643,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5638,7 +5670,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5646,31 +5678,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5679,56 +5711,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5744,12 +5776,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5758,14 +5790,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5774,24 +5806,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5799,19 +5831,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5820,7 +5852,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5828,7 +5860,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5837,7 +5869,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5845,22 +5877,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5870,14 +5902,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5890,12 +5922,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5905,7 +5937,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5915,63 +5947,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Padrão: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5980,74 +6012,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6058,7 +6090,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6066,24 +6098,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6100,12 +6132,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6113,36 +6145,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6150,14 +6182,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6167,101 +6199,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6270,59 +6302,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "OPÇÕES AVANÇADAS" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (string)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6331,22 +6363,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. 
Please include them in your configuration only if you know what you " +@@ -6355,14 +6387,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EXEMPLO" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6370,7 +6402,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6383,27 +6415,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6419,13 +6451,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTAS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7955,7 +7987,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7970,7 +8002,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7985,12 +8017,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -8011,12 +8043,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -8040,17 +8072,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8058,7 +8090,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8085,7 +8117,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8098,12 +8130,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8122,60 +8154,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8289,26 +8321,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9748,9 +9780,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (boolean)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9760,19 +9810,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9782,12 +9832,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Padrão: TRUE" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9795,7 +9845,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9810,7 +9860,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9819,7 +9869,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9827,7 +9877,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9837,7 +9887,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13949,10 +13999,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccaches (integer)" +-msgstr "ldap_page_size (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -13966,10 +14014,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "min_id,max_id (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "min_id,max_id (integer)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -13980,17 +14026,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Padrão: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "ldap_page_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "ldap_page_size (integer)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -14001,10 +14043,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Padrão: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -14479,10 +14519,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (string)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -14501,10 +14539,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +@@ -15296,10 +15332,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_search_base (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_search_base (string)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -15998,10 +16032,8 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout (integer)" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout (integer)" ++msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +@@ -17029,6 +17061,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Padrão: homeDirectory" +diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po +index 368e3beca..95d0fee52 100644 +--- a/src/man/po/pt_BR.po ++++ b/src/man/po/pt_BR.po +@@ -2,9 +2,9 @@ + # Rodrigo de Araujo Sousa Fonseca <rodrigodearaujo@fedoraproject.org>, 2017. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2017-01-29 10:11+0000\n" + "Last-Translator: Rodrigo de Araujo Sousa Fonseca " + "<rodrigodearaujo@fedoraproject.org>\n" +@@ -291,9 +291,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -313,16 +313,16 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -351,7 +351,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -649,8 +649,8 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -1730,7 +1730,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1794,7 +1794,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1859,8 +1859,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5029,34 +5029,53 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5064,14 +5083,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5079,17 +5098,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5099,12 +5118,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5112,17 +5131,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5130,7 +5162,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5141,7 +5173,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5150,7 +5182,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5158,26 +5190,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5185,7 +5217,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5193,7 +5225,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5201,41 +5233,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5244,32 +5276,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5277,24 +5309,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5302,17 +5334,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5323,24 +5355,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5351,12 +5383,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5369,7 +5401,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5381,17 +5413,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5399,49 +5431,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5449,28 +5481,28 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5482,7 +5514,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5490,7 +5522,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5498,39 +5530,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5540,7 +5572,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5548,26 +5580,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5575,7 +5607,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5583,31 +5615,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5616,56 +5648,56 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5681,12 +5713,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5695,14 +5727,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5711,24 +5743,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5736,19 +5768,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5757,7 +5789,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5765,7 +5797,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5774,7 +5806,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5782,22 +5814,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5807,14 +5839,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5827,12 +5859,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5842,7 +5874,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5852,63 +5884,63 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5917,74 +5949,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -5995,7 +6027,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6003,24 +6035,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6037,12 +6069,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6050,36 +6082,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6087,14 +6119,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6104,101 +6136,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." 
+ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6207,59 +6239,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6268,22 +6300,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6292,14 +6324,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6307,7 +6339,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6320,27 +6352,27 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6356,13 +6388,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7892,7 +7924,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7907,7 +7939,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7922,12 +7954,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7948,12 +7980,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7977,17 +8009,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -7995,7 +8027,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8022,7 +8054,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8035,12 +8067,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. 
Applicable only when dyndns_update is true." +@@ -8059,60 +8091,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8226,26 +8258,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9685,9 +9717,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9697,19 +9745,19 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9719,12 +9767,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9732,7 +9780,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9747,7 +9795,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9756,7 +9804,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9764,7 +9812,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9774,7 +9822,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +diff --git a/src/man/po/ru.po b/src/man/po/ru.po +index 2325daba0..79c0c1b77 100644 +--- a/src/man/po/ru.po ++++ b/src/man/po/ru.po +@@ -6,9 +6,9 @@ + # Artyom Kunyov <artkun@guitarplayer.ru>, 2012 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:07+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/" +@@ -296,9 +296,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -318,16 +318,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "По умолчанию: false" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -356,7 +356,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "По умолчанию: 10" + +@@ -654,8 +654,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -764,10 +764,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "По умолчанию: 5" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1737,7 +1735,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1801,7 +1799,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1866,8 +1864,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5036,34 +5034,55 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "reconnection_retries (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "попыток_соединения (целое число)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5071,14 +5090,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5086,17 +5105,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5106,12 +5125,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5119,17 +5138,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5137,7 +5169,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. 
" + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5148,7 +5180,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5157,7 +5189,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5165,26 +5197,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. 
If a bad certificate " +@@ -5192,7 +5224,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5200,7 +5232,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5208,41 +5240,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5251,32 +5283,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5284,24 +5316,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5309,17 +5341,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5330,24 +5362,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5358,12 +5390,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5376,7 +5408,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5388,17 +5420,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5406,49 +5438,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5456,28 +5488,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5489,7 +5521,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5497,7 +5529,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5505,39 +5537,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5547,7 +5579,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5555,26 +5587,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5582,7 +5614,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5590,31 +5622,31 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5623,56 +5655,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. 
It specifies an LDAP search filter criteria that " +@@ -5688,12 +5720,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5702,14 +5734,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5718,24 +5750,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5743,19 +5775,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5764,7 +5796,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5772,7 +5804,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5781,7 +5813,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5789,22 +5821,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5814,14 +5846,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5834,12 +5866,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5849,7 +5881,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5859,63 +5891,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5924,74 +5956,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6002,7 +6034,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6010,24 +6042,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6044,12 +6076,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6057,36 +6089,36 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6094,14 +6126,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6111,101 +6143,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6214,59 +6246,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6275,22 +6307,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6299,14 +6331,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "ПРИМЕР" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6314,7 +6346,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6327,27 +6359,27 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6363,13 +6395,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7899,7 +7931,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7914,7 +7946,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7929,12 +7961,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7955,12 +7987,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7984,17 +8016,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8002,7 +8034,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8029,7 +8061,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8042,12 +8074,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. 
Applicable only when dyndns_update is true." +@@ -8066,60 +8098,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8233,26 +8265,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9692,9 +9724,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9704,19 +9752,19 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9726,12 +9774,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9739,7 +9787,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9754,7 +9802,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9763,7 +9811,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9771,7 +9819,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9781,7 +9829,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13900,10 +13948,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 64" +-msgstr "По умолчанию: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13919,10 +13965,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 65536" +-msgstr "По умолчанию: 3" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -16939,6 +16983,3 @@ msgstr "" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "" +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "По умолчанию: homeDirectory" +diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot +index fac55fd72..d8bcf2ee5 100644 +--- a/src/man/po/sssd-docs.pot ++++ b/src/man/po/sssd-docs.pot +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:29+0100\n" ++"POT-Creation-Date: 2020-02-12 23:39+0100\n" + "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" + "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" + "Language-Team: LANGUAGE <LL@li.org>\n" +@@ -254,7 +254,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 ++#: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" + +@@ -271,12 +271,12 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 ++#: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028 include/autofs_attributes.xml:1 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028 include/autofs_attributes.xml:1 + msgid "<placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" + +@@ -299,7 +299,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -599,7 +599,7 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 + msgid "Default: not set" + msgstr "" + +@@ -1672,7 +1672,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1733,7 +1733,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 sssd-ldap.5.xml:1039 ++#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1798,7 +1798,7 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 include/ldap_id_mapping.xml:244 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" + +@@ -4964,34 +4964,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." 
++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single " + "request. Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -4999,7 +5018,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use " +@@ -5007,7 +5026,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. 
On busy clients, this can result in some " +@@ -5015,17 +5034,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5035,12 +5054,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5048,17 +5067,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5066,7 +5098,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to " + "0. Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5077,7 +5109,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5086,7 +5118,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5094,26 +5126,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5121,7 +5153,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5129,7 +5161,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5137,41 +5169,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in " + "<filename>/etc/openldap/ldap.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5180,32 +5212,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5213,24 +5245,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem " + "class=\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5238,17 +5270,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5259,24 +5291,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5287,12 +5319,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5305,7 +5337,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5317,17 +5349,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5335,49 +5367,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5385,29 +5417,29 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is " + "used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of " +@@ -5419,7 +5451,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5427,7 +5459,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of " + "SSSD. While the legacy name is recognized for the time being, users are " +@@ -5436,39 +5468,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5478,7 +5510,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> " + "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +@@ -5487,26 +5519,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client " + "side. The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use " + "<citerefentry><refentrytitle>shadow</refentrytitle> " +@@ -5515,7 +5547,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5523,31 +5555,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5556,56 +5588,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5622,12 +5654,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5636,14 +5668,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5652,24 +5684,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. 
the LDAP server should deny the bind request with a suitable error code " +@@ -5677,19 +5709,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5698,7 +5730,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " + "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " +@@ -5706,7 +5738,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5715,7 +5747,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option " + "<emphasis>must</emphasis> include <quote>expire</quote> in order for the " +@@ -5723,22 +5755,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5748,7 +5780,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the " + "<quote>ppolicy</quote> option and might be removed in a future release. " +@@ -5756,7 +5788,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5769,12 +5801,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5784,7 +5816,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5794,38 +5826,38 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control " +@@ -5833,24 +5865,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5859,74 +5891,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -5937,7 +5969,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -5945,24 +5977,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -5979,12 +6011,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -5992,36 +6024,36 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval " + "</emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6029,14 +6061,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6046,100 +6078,100 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is " + "<emphasis>false</emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6148,59 +6180,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6209,22 +6241,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6233,12 +6265,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:130 sssd-session-recording.5.xml:144 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6246,7 +6278,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6259,24 +6291,24 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6292,12 +6324,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7831,7 +7863,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7846,7 +7878,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7861,12 +7893,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7887,12 +7919,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7916,17 +7948,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -7934,7 +7966,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -7962,7 +7994,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -7975,12 +8007,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. 
Applicable only when dyndns_update is true." +@@ -7999,60 +8031,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8166,26 +8198,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" + +@@ -9622,9 +9654,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9634,19 +9682,19 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9656,12 +9704,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and " + "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " +@@ -9669,7 +9717,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9684,7 +9732,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9693,7 +9741,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9701,7 +9749,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9711,7 +9759,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +diff --git a/src/man/po/sv.po b/src/man/po/sv.po +index edd640ae9..27f4ddb41 100644 +--- a/src/man/po/sv.po ++++ b/src/man/po/sv.po +@@ -2,9 +2,9 @@ + # Göran Uddeborg <goeran@uddeborg.se>, 2019. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2019-11-11 02:33+0000\n" + "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" + "Language-Team: Swedish\n" +@@ -344,9 +344,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Standard: true" +@@ -368,16 +368,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Standard: false" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -409,7 +409,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Standard: 10" + +@@ -619,10 +619,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (boolean)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -638,21 +636,11 @@ msgstr "try_inotify (boolean)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." 
+ msgstr "" +-"SSSD övervakar tillståndet hos resolv.conf för att identifiera när den " +-"behöver uppdatera sin interna DNS-uppslagning. Som standard kommer vi " +-"försöka använda inotify till detta, och kommer falla tillbaka på att polla " +-"resolv.conf var femte sekund om inotify inte kan användas." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:344 +@@ -770,13 +758,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. " +@@ -787,16 +768,10 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Observera att om detta alternativ anges måste alla användare från den " +-"primära domänen använda sitt fullständigt kvalificerade namn, t.ex. " +-"användare@domän.namn, för att logga in. Att ange detta alternativ ändrar " +-"standardet på use_fully_qualified_names till True. Det är inte tillåtet att " +-"använda detta alternativ tillsammans med use_fully_qualified_names satt " +-"till False." + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -866,10 +841,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:483 +-#, fuzzy +-#| msgid "no_ocsp" + msgid "soft_ocsp" +-msgstr "no_ocsp" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:485 sssd.conf.5.xml:585 +@@ -919,10 +892,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Standard: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -2097,7 +2068,7 @@ msgstr "" + "<emphasis>pwd_expiration_warning</emphasis> för en viss domän." + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Standard: 0" + +@@ -2174,7 +2145,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Standard: none" + +@@ -2251,8 +2222,8 @@ msgstr "" + "autentiseringsprocessen är detta alternativ avaktiverat som standard." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Default: False" +@@ -2626,10 +2597,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (sträng)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2650,10 +2619,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Default: not set (blanka kommer inte ersättas)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -3312,13 +3279,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2263 +-#, fuzzy +-#| msgid "" +-#| "This option specifies the maximum allowed number of nested containers." + msgid "This option is automatically inherited for all trusted domains." + msgstr "" +-"Detta alternativ specificerar det maximala antalet tillåtna nästlade " +-"behållare." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2267 +@@ -4531,13 +4493,6 @@ msgstr "hybrid" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3205 +-#, fuzzy +-#| msgid "" +-#| "A primary group is autogenerated for user entries whose UID and GID " +-#| "numbers have the same value and at the same time the GID number does not " +-#| "correspond to a real group object in LDAP If the values are the same, but " +-#| "the primary GID in the user entry is also used by a group object, the " +-#| "primary GID of the user resolves to that group object." + msgid "" + "A primary group is autogenerated for user entries whose UID and GID numbers " + "have the same value and at the same time the GID number does not correspond " +@@ -4545,11 +4500,6 @@ msgid "" + "GID in the user entry is also used by a group object, the primary GID of the " + "user resolves to that group object." 
+ msgstr "" +-"En primär grupp autogenereras för användarposter vars UID- och GID-nummer " +-"har samma värde och GID-numret på samma gång inte motsvarar ett verkligt " +-"gruppobjekt i LDAP. Om värdena är samma, men det primära GID:t i " +-"användarposten även används av ett gruppobjekt slås användarens primära GID " +-"upp till det gruppobjektet. " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3218 +@@ -5291,22 +5241,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3693 +-#, fuzzy +-#| msgid "" +-#| "With the growing number of authentication methods and the possibility " +-#| "that there are multiple ones for a single user the heuristic used by " +-#| "pam_sss to select the prompting might not be suitable for all use cases. " +-#| "To following options should provide a better flexibility here." + msgid "" + "With the growing number of authentication methods and the possibility that " + "there are multiple ones for a single user the heuristic used by pam_sss to " + "select the prompting might not be suitable for all use cases. The following " + "options should provide a better flexibility here." + msgstr "" +-"Med det växande antalet autentiseringsmetoder och möjligheten att det finns " +-"flera olika för en enskild användare kan det hända att heurestiken som " +-"används av pam_sss för att välja fråga inte är lämplig för alla " +-"användarfall. Följande alternativ bör ge en bättre flexibilitet här." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:3705 +@@ -5364,19 +5304,11 @@ msgstr "single_prompt" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3730 +-#, fuzzy +-#| msgid "" +-#| "boolean value, if True there will be only a single prompt using the value " +-#| "of first_prompt where it is expected that both factor are entered as a " +-#| "single string" + msgid "" + "boolean value, if True there will be only a single prompt using the value of " + "first_prompt where it is expected that both factors are entered as a single " + "string" + msgstr "" +-"booleskt värde, om True kommer det bara vara en fråga som använder värdet på " +-"first_prompt där det förväntas att båda faktorerna matas in som en enda " +-"sträng" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3719 +@@ -5389,37 +5321,19 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3700 +-#, fuzzy +-#| msgid "" +-#| "Each supported authentication method has it's own configuration sub-" +-#| "section under <quote>[prompting/...]</quote>. Currently there are: " +-#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#| "\"variablelist\" id=\"1\"/>" + msgid "" + "Each supported authentication method has its own configuration subsection " + "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type=" + "\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/>" + msgstr "" +-"Varje autentiseringsmetod som stödjs har sin ege konfigurationsundersektion " +-"under <quote>[prompting/…]</quote>. För närvarande finns det: <placeholder " +-"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +-">" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3742 +-#, fuzzy +-#| msgid "" +-#| "It is possible to add a sub-section for specific PAM services like e.g. 
" +-#| "<quote>[prompting/password/sshd]</quote> to individual change the " +-#| "prompting for this service." + msgid "" + "It is possible to add a subsection for specific PAM services, e.g. " + "<quote>[prompting/password/sshd]</quote> to individual change the prompting " + "for this service." + msgstr "" +-"Det är möjligt att lägga till en undersektion för specifika PAM-tjänster som " +-"t.ex. <quote>[prompting/password/sshd]</quote> för att ändra frågorna " +-"enskild för denna tjänst." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd.conf.5.xml:3749 idmap_sss.8.xml:43 +@@ -6200,17 +6114,38 @@ msgstr "" + "(detta värde eller TGT-livslängden) användas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Standard: 900 (15 minuter)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (heltal)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -6219,17 +6154,17 @@ msgstr "" + "LDAP-servrar framtvingar en maximal gräns per begäran." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Standard: 1000" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -6240,7 +6175,7 @@ msgstr "" + "RootDSE men det inte är aktiverat eller inte fungerar som det skall." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -6250,7 +6185,7 @@ msgstr "" + "den." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -6261,17 +6196,17 @@ msgstr "" + "att några begäranden nekas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "Avaktivera Active Directory intervallhämtning." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -6287,12 +6222,12 @@ msgstr "" + "medlemmar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -6303,17 +6238,40 @@ msgstr "" + "detta alternativ är definierat av OpenLDAP." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "Standard: använd systemstandard (vanligen angivet i ldap.conf)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (heltal)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Vid kommunikation med en LDAP-server med SASL, ange den minsta " ++"säkerhetsnivån som är nödvändig för att etablera förbindelsen. Värdet på " ++"detta alternativ är definierat av OpenLDAP." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -6324,7 +6282,7 @@ msgstr "" + "individuellt." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -6341,7 +6299,7 @@ msgstr "" + "rootDSE-objektet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -6354,7 +6312,7 @@ msgstr "" + "OpenLDAP och Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -6365,12 +6323,12 @@ msgstr "" + "oavsett denna inställning." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -6379,7 +6337,7 @@ msgstr "" + "några. Det kan anges som ett av följande värden:" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -6388,7 +6346,7 @@ msgstr "" + "några servercertifikat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6399,7 +6357,7 @@ msgstr "" + "tillhandahålls kommer det ignoreras och sessionen fortsätta normalt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6410,7 +6368,7 @@ msgstr "" + "tillhandahålls avslutas sessionen omedelbart." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -6421,22 +6379,22 @@ msgstr "" + "avslutas sessionen omedelbart." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = Samma som <quote>demand</quote>" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Standard: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -6445,7 +6403,7 @@ msgstr "" + "<command>sssd</command> kommer godkänna." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -6454,12 +6412,12 @@ msgstr "" + "openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -6473,32 +6431,32 @@ msgstr "" + "namnen." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "Anger filen som innehåller certifikatet för klientens nyckel." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "Anger filen som innehåller klientens nyckel." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -6509,12 +6467,12 @@ msgstr "" + "manvolnum></citerefentry> för formatet." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -6523,12 +6481,12 @@ msgstr "" + "\"protocol\">tls</systemitem> för att skydda kanalen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -6539,18 +6497,18 @@ msgstr "" + "förlita sig på ldap_user_uid_number och ldap_group_gid_number." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "För närvarande stödjer denna funktion endast Active Direcotory objectSID" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "ldap_min_id, ldap_max_id (heltal)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6568,17 +6526,17 @@ msgstr "" + "Underdomäner kan sedan välja andra intervall för att översätta ID:n." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "Standard: inte satt (båda alternativen är satta till 0)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." +@@ -6587,7 +6545,7 @@ msgstr "" + "GSSAPI och GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6603,12 +6561,12 @@ msgstr "" + "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (sträng)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6628,7 +6586,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6648,17 +6606,17 @@ msgstr "" + "keytab." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Standard: host/värdnamn@RIKE" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6669,17 +6627,17 @@ msgstr "" + "ignoreras detta alternativ." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Standard: värdet på krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6688,34 +6646,34 @@ msgstr "" + "att ta fram värdnamnets kanoniska form under en SASL-bindning" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Standard: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + "Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Standard: Systemets keytab, normalt <filename>/etc/krb5.keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). 
This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6726,29 +6684,29 @@ msgstr "" + "eller GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + "Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Standard: 86400 (24 timmar)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6766,7 +6724,7 @@ msgstr "" + "mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6777,7 +6735,7 @@ msgstr "" + "hittas." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6789,27 +6747,27 @@ msgstr "" + "<quote>krb5_server</quote> istället." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "Standard: Systemstandard, se <filename>/etc/krb5.conf</filename>" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6818,12 +6776,12 @@ msgstr "" + "servern. Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -6838,7 +6796,7 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -6849,12 +6807,12 @@ msgstr "" + "om lokaliseringsinsticksmodulen." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -6863,7 +6821,7 @@ msgstr "" + "värden är tillåtna:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -6872,7 +6830,7 @@ msgstr "" + "alternativ kan inte avaktivera lösenordspolicyer på serversidan." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -6883,7 +6841,7 @@ msgstr "" + "manvolnum></citerefentry> för att utvärdera om lösenordet har gått ut." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -6894,7 +6852,7 @@ msgstr "" + "chpass_provider=krb5 för att uppdatera dessa attribut när läsenordet ändras." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -6903,17 +6861,17 @@ msgstr "" + "kommer den alltid gå före framför policyn som sätts med detta alternativ." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "Anger huruvida automatisk uppföljning av referenser skall aktiveras." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -6922,7 +6880,7 @@ msgstr "" + "kompilerad med OpenLDAP version 2.4.13 eller senare." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -6935,28 +6893,28 @@ msgstr "" + "alternativ till falskt medföra en märkbar prestandaförbättring." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Standard: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -6965,17 +6923,17 @@ msgstr "" + "lösenordsändringar när tjänsteupptäckte är aktiverat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -6984,12 +6942,12 @@ msgstr "" + "dagar sedan epoken efter en ändring av lösenord." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -7017,12 +6975,12 @@ msgstr "" + "manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Exempel:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -7034,7 +6992,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -7043,7 +7001,7 @@ msgstr "" + "användare vars attribut employeeType är satt till ”admin”." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -7056,17 +7014,17 @@ msgstr "" + "fortsätta ges åtkomst under frånkoppling, och vice versa." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Standard: Empty" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -7075,7 +7033,7 @@ msgstr "" + "åtkomststyrningsattribut aktiveras." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -7086,12 +7044,12 @@ msgstr "" + "felkod även om lösenordet är korrekt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Följande värden är tillåtna:" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -7100,7 +7058,7 @@ msgstr "" + "att avgöra om kontot har gått ut." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -7113,7 +7071,7 @@ msgstr "" + "kontot kontrolleras också." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -7124,7 +7082,7 @@ msgstr "" + "tillåts eller inte." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -7137,7 +7095,7 @@ msgstr "" + "åtkomst." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -7148,23 +7106,23 @@ msgstr "" + "ldap_account_expire_policy skall fungera." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Kommaseparerad lista över åtkomststyrningsalternativ. Tillåtna värden är:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: använd ldap_access_filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7179,7 +7137,7 @@ msgstr "" + "fungera." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" +@@ -7189,7 +7147,7 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7210,12 +7168,12 @@ msgstr "" + "måste vara satt för att denna funktion skall fungera." 
+ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -7230,7 +7188,7 @@ msgstr "" + "exempel SSH-nycklar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -7244,7 +7202,7 @@ msgstr "" + "pwd_expire_policy_renew – användaren ombeds ändra sitt lösenord omedelbart." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" +@@ -7252,7 +7210,7 @@ msgstr "" + "meddelande av SSSD." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +@@ -7262,7 +7220,7 @@ msgstr "" + "lämplig lösenordspolicy." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -7271,13 +7229,13 @@ msgstr "" + "för att avgöra åtkomst" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: använd attributet host för att avgöra åtkomst" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" +@@ -7286,7 +7244,7 @@ msgstr "" + "fjärrvärdar kan få åtkomst" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" +@@ -7296,12 +7254,12 @@ msgstr "" + "åtkomstkontroll aktiveras" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Standard: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -7310,12 +7268,12 @@ msgstr "" + "gång." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -7328,22 +7286,22 @@ msgstr "" + "LDAP-servern inte kan kontrolleras ordentligt. " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Exempel: cn=ppolicy,ou=policies,dc=exempel,dc=se" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "Standard: cn=ppolicy,ou=policies,$ldap_search_base" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -7352,12 +7310,12 @@ msgstr "" + "alternativ är tillåtna:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." 
+ msgstr "<emphasis>never</emphasis>: Alias är aldrig derefererade." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -7366,7 +7324,7 @@ msgstr "" + "basobjektet, men inte vid lokalisering basobjektet för sökningen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -7375,7 +7333,7 @@ msgstr "" + "basobjektet för sökningen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -7384,7 +7342,7 @@ msgstr "" + "lokalisering av basobjektet för sökningen." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -7393,12 +7351,12 @@ msgstr "" + "klientbiblioteken)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -7407,7 +7365,7 @@ msgstr "" + "servrar som använder schemat RFC2307." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -7424,7 +7382,7 @@ msgstr "" + "via anrop av getpw*() eller initgroups()." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -7435,12 +7393,12 @@ msgstr "" + "de lokala användarna med de extra LDAP-grupperna." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "wildcard_limit (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." +@@ -7449,25 +7407,18 @@ msgstr "" + "jokertecken." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." 
+ msgstr "" + "För närvarande stödjer endast respondenten InfoPipe jockeruppslagningar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "Standard: 1000 (ofta storleken på en sida)" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -7477,19 +7428,14 @@ msgid "" + "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " + "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" + msgstr "" +-"Alla de vanliga konfigurationsalternativen som gäller SSSD-domäner gäller " +-"även LDAP-domäner. Se avsnittet <quote>DOMÄNSEKTIONER</quote> av " +-"manualsidan <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-"<manvolnum>5</manvolnum> </citerefentry> för fullständiga detaljer. " +-"<placeholder type=\"variablelist\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "SUDOALTERNATIV" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -7500,12 +7446,12 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -7515,7 +7461,7 @@ msgstr "" + "servern)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -7524,17 +7470,17 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Standard: 21600 (6 timmar)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (heltal)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -7545,7 +7491,7 @@ msgstr "" + "USN-värde som för närvarande är känt av SSSD)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -7554,7 +7500,7 @@ msgstr "" + "istället." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -7570,12 +7516,12 @@ msgstr "" + "<emphasis>ldap_connection_expire_timeout</emphasis>)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -7584,12 +7530,12 @@ msgstr "" + "(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn)." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -7598,7 +7544,7 @@ msgstr "" + "domännamn som skall användas för att filtrera reglerna." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -7607,8 +7553,8 @@ msgstr "" + "fullständigt kvalificerade domännamnet automatiskt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -7617,17 +7563,17 @@ msgstr "" + "emphasis> har detta alternativ ingen effekt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Standard: inte angivet" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (sträng)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7636,7 +7582,7 @@ msgstr "" + "skall användas för att filtrera reglerna." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7645,12 +7591,12 @@ msgstr "" + "automatiskt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7659,12 +7605,12 @@ msgstr "" + "attributet sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7673,7 +7619,7 @@ msgstr "" + "attributet sudoHost." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" +@@ -7682,7 +7628,7 @@ msgstr "" + "LDAP-serversidan!" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7695,12 +7641,12 @@ msgstr "" + "manvolnum> </citerefentry>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "AUTOFSALTERNATIV" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." +@@ -7708,47 +7654,47 @@ msgstr "" + "Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "Namnet på automount master-kartan i LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Standard: auto.master" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "AVANCERADE ALTERNATIV" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7761,22 +7707,22 @@ msgstr "" + "avaktivera denna funktion om gruppnamn inte visas korrekt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (sträng)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7789,14 +7735,14 @@ msgstr "" + "\"variablelist\" id=\"1\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "EXEMPEL" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7806,7 +7752,7 @@ msgstr "" + "till en av domänerna i avsnittet <replaceable>[domains]</replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7826,20 +7772,20 @@ msgstr "" + "cache_credentials = true\n" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "LDAP-ÅTKOMSTFILTEREXEMPEL" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." +@@ -7848,7 +7794,7 @@ msgstr "" + "ldap_access_order=lockout används." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -7874,13 +7820,13 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "NOTER" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -9784,7 +9730,7 @@ msgstr "" + "identifiera denna värd. Värdnamnet måste vara fullständigt kvalificerat." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (boolean)" + +@@ -9804,7 +9750,7 @@ msgstr "" + "alternativet <quote>dyndns_iface</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -9824,12 +9770,12 @@ msgstr "" + "använda <emphasis>dyndns_update</emphasis> i sin konfigurationsfil." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (heltal)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -9856,12 +9802,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Default: 1200 (sekunder)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -9894,17 +9840,17 @@ msgstr "" + "förbindelsen" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "Exempel: dyndns_iface = em1, vnet1, vnet2" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "dyndns_auth (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -9915,7 +9861,7 @@ msgstr "" + "sätta detta alternativ till ”none”." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "Standard: GSS-TSIG" + +@@ -9949,7 +9895,7 @@ msgstr "" + "upptäckten används som backup-servrar." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (heltal)" + +@@ -9965,12 +9911,12 @@ msgstr "" + "alternativ är valfritt och tillämpligt endast när dyndns_update är sann." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (bool)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -9993,12 +9939,12 @@ msgid "Default: False (disabled)" + msgstr "Standard: False (avaktiverat)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (bool)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -10007,17 +9953,17 @@ msgstr "" + "med DNS-servern." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "Standard: False (låt nsupdate välja protokollet)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "dyndns_server (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." +@@ -10026,7 +9972,7 @@ msgstr "" + "flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." +@@ -10035,7 +9981,7 @@ msgstr "" + "skild från identitetsservern." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." +@@ -10045,17 +9991,17 @@ msgstr "" + "inställningar misslyckas." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "Standard: Ingen (låt nsupdate välja servern)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "dyndns_update_per_family (boolean)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -10183,12 +10129,12 @@ msgstr "" + "till bas-DN:en för att användas när LDAP-operationer utförs." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "krb5_confd_path (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." +@@ -10197,7 +10143,7 @@ msgstr "" + "för Kerberos." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." +@@ -10206,7 +10152,7 @@ msgstr "" + "”none”." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -11252,19 +11198,12 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:359 +-#, fuzzy +-#| msgid "" +-#| "GPO-based access control functionality uses GPO policy settings to " +-#| "determine whether or not a particular user is allowed to logon to a " +-#| "particular host." + msgid "" + "GPO-based access control functionality uses GPO policy settings to determine " + "whether or not a particular user is allowed to logon to the host. For more " + "information on the supported policy settings please refer to the " + "<quote>ad_gpo_map</quote> options." + msgstr "" +-"GPO-baserad åtkomstkontrollsfunktionalitet använder GPO-policyinställningar " +-"för att avgöra huruvida en viss användare tillåts att logga på en viss värd." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:367 +@@ -11322,16 +11261,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:417 +-#, fuzzy +-#| msgid "" +-#| "NOTE: If the operation mode is set to enforcing, it is possible that " +-#| "users that were previously allowed logon access will now be denied logon " +-#| "access (as dictated by the GPO policy settings). In order to facilitate a " +-#| "smooth transition for administrators, a permissive mode is available that " +-#| "will not enforce the access control rules, but will evaluate them and " +-#| "will output a syslog message if access would have been denied. 
By " +-#| "examining the logs, administrators can then make the necessary changes " +-#| "before setting the mode to enforcing." + msgid "" + "NOTE: If the operation mode is set to enforcing, it is possible that users " + "that were previously allowed logon access will now be denied logon access " +@@ -11344,14 +11273,6 @@ msgid "" + "functions' is required (see <citerefentry> <refentrytitle>sssctl</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." + msgstr "" +-"OBS: Om arbetsläget är satt till tvingande är det möjligt att användare som " +-"tidigare tilläts inloggningsåtkomst nu kommer att nekas inloggningsåtkomst " +-"(som det dikteras av GPO-policyinställningarna). För att möjliggöra en " +-"smidig övergång för administratörer är ett tillåtande läge tillgängligt som " +-"inte kommer tvinga reglerna för åtkomstkontroll, men kommer beräkna dem och " +-"skriva ut ett syslog-meddelande om åtkomst skulle ha nekats. Genom att " +-"granska loggarna kan administratörer sedan göra de nödvändiga ändringarna " +-"före de ställer in arbetsläget till tvingande." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:436 +@@ -12012,9 +11933,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "Standard: 86400:750 (24h och 15m)" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (boolean)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. 
Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -12030,12 +11969,12 @@ msgstr "" + "på annat sätt med alternativet <quote>dyndns_iface</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Standard: 3600 (sekunder)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" +@@ -12044,7 +11983,7 @@ msgstr "" + "förbindelsen" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -12059,12 +11998,12 @@ msgstr "" + "mindre än 60 ges kommer parametern endast anta det lägsta värdet." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Standard: True" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -12075,7 +12014,7 @@ msgstr "" + "exempel visar endast alternativ som är specifika för leverantören AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -12099,7 +12038,7 @@ msgstr "" + "ad_domain = exempel.se\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -12111,7 +12050,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -12122,7 +12061,7 @@ msgstr "" + "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -12137,7 +12076,7 @@ msgstr "" + "krypteringsdetaljer) manuellt." + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -12754,16 +12693,10 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +-#| "applications will not use the fast in memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." + msgstr "" +-"Om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer " +-"klientprogram inte använda den snabba cachen i minnet." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +@@ -14016,38 +13949,20 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:518 +-#, fuzzy +-#| msgid "" +-#| "The krb5_kdcinfo_lookahead option contains two numbers seperated by a " +-#| "colon. The first number represents number of primary servers used and the " +-#| "second number specifies the number of backup servers." + msgid "" + "The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " + "The first number represents number of primary servers used and the second " + "number specifies the number of backup servers." + msgstr "" +-"Alternativet krb5_kdcinfo_lookahead innehåller två tal separerade av ett " +-"kolon. Det första talet representerar antalet primärservrar som används och " +-"det andra talet anger antalet reservservrar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +-#| "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. but no backup " +-#| "servers." 
+ msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " + "servers." + msgstr "" +-"Till exempel betyder <emphasis>10:0</emphasis> att upp till 10 primärservrar " +-"kommer lämnas till<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. men inga " +-"reservservrar." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -17121,21 +17036,11 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> + #: sssd-kcm.8.xml:61 +-#, fuzzy +-#| msgid "" +-#| "the SSSD implementation stores the ccaches in the SSSD <citerefentry> " +-#| "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </" +-#| "citerefentry> secrets store, allowing the ccaches to survive KCM server " +-#| "restarts or machine reboots." + msgid "" + "the SSSD implementation stores the ccaches in a database, typically located " + "at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " + "survive KCM server restarts or machine reboots." + msgstr "" +-"SSSD-implementationen sparar ccache:rna i SSSD:s hemlighetsförråd " +-"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</" +-"manvolnum> </citerefentry>, vilket gör att ccache:rna kan överleva att KCM-" +-"servern eller hela maskinen startas om." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:67 +@@ -17322,24 +17227,12 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the files provider for <citerefentry> " +-#| "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +-#| "citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +-#| "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"Denna manualsida besriver filleverantören till <citerefentry> " +-"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +-"citerefentry>. För en detaljerad referens om syntaxen, se avsnittet " +-"<quote>FILFORMAT</quote> i manualsidan <citerefentry> <refentrytitle>sssd." +-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -17373,10 +17266,8 @@ msgstr "Standard: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "max_secrets (integer)" + msgid "max_ccaches (integer)" +-msgstr "max_secrets (heltal)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 +@@ -17390,10 +17281,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "max_uid_secrets (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "max_uid_secrets (heltal)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -17404,17 +17293,13 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Standard: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "max_payload_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "max_payload_size (heltal)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -17425,10 +17310,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Standard: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -17608,13 +17491,7 @@ msgstr "Känner av funktionen sdap_get_generic_ext_send()." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:152 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "base:string\n" +-#| "scope:integer\n" +-#| "filter:string\n" +-#| "probestr:string\n" +-#| " " ++#, no-wrap + msgid "" + "base:string\n" + "scope:integer\n" +@@ -17623,11 +17500,6 @@ msgid "" + "probestr:string\n" + " " + msgstr "" +-"base:sträng\n" +-"scope:heltal\n" +-"filter:sträng\n" +-"probestr:sträng\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:161 +@@ -17657,10 +17529,8 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:176 +-#, fuzzy +-#| msgid "probe sdap_deref_send" + msgid "probe sdap_parse_entry" +-msgstr "testpunkt sdap_deref_send" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:179 +@@ -17671,24 +17541,17 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "filter:string\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"filter:sträng\n" +-" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +-#, fuzzy +-#| msgid "probe dp_req_done" + msgid "probe sdap_parse_entry_done" +-msgstr "testpunkt dp_req_done" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:193 +@@ -17976,10 +17839,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (sträng)" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 +@@ -17998,28 +17859,16 @@ msgstr "" + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "SSSD LDAP-leverantör" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -18027,11 +17876,6 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"Denna manualsida beskriver beskriver konfigurationen av LDAP-domäner för " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Se avsnittet <quote>FILFORMAT</quote> av manualsidan " +-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-"manvolnum> </citerefentry> för detaljerad syntaxinformation." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 +@@ -18907,10 +18751,8 @@ msgstr "ldap_group_modify_timestamp (sträng)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (sträng)" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -19132,10 +18974,8 @@ msgstr "LDAP-attributet som innehåller UUID/GUID för ett LDAP-värdobjekt." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "TJÄNSTESEKTIONER" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -19380,10 +19220,8 @@ msgstr "Standard: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "AUTOFSALTERNATIV" ++msgstr "" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -19691,19 +19529,15 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout" ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +-#, fuzzy +-#| msgid "How long would SSSD talk to a single DNS server." + msgid "" + "Time in milliseconds that sets how long would SSSD talk to a single DNS " + "server before trying next one." +-msgstr "Hur länge SSSD skall prata med en enskild DNS-server." ++msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:90 +@@ -19749,13 +19583,6 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para> + #: include/failover.xml:123 +-#, fuzzy +-#| msgid "" +-#| "For LDAP-based providers, the resolve operation is performed as part of " +-#| "an LDAP connection operation. 
Therefore, also the " +-#| "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value " +-#| "than <quote>dns_resolver_timeout</quote> which in turn should be set to a " +-#| "larger value than <quote>dns_resolver_op_timeout</quote>." + msgid "" + "For LDAP-based providers, the resolve operation is performed as part of an " + "LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></" +@@ -19764,11 +19591,6 @@ msgid "" + "value than <quote>dns_resolver_op_timeout</quote> which should be larger " + "than <quote>dns_resolver_server_timeout</quote>." + msgstr "" +-"För LDAP-baserade leverantörer utförs uppslagningsoperationen som en del av " +-"LDAP-anslutningsoperationen. Därför skall även tidsgränsen " +-"<quote>ldap_opt_timeout></quote> sättas till ett större värde än " +-"<quote>dns_resolver_timeout</quote> som i sin tur skall sättas till ett " +-"större värde än <quote>dns_resolver_op_timeout</quote>." + + #. type: Content of: <refsect1><title> + #: include/ldap_id_mapping.xml:2 +@@ -21008,93 +20830,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "ldap_group_external_member = ipaExternalMember" +- +-#~ msgid "" +-#~ "The background refresh will process users, groups and netgroups in the " +-#~ "cache." +-#~ msgstr "" +-#~ "Bakgrundsuppdateringen kommer bearbeta användare, grupper och nätgrupper " +-#~ "i cachen." 
+- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Standard: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (heltal)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the InteractiveLogonRight and " +-#~ "DenyInteractiveLogonRight policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna " +-#~ "InteractiveLogonRight och DenyInteractiveLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the RemoteInteractiveLogonRight and " +-#~ "DenyRemoteInteractiveLogonRight policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna " +-#~ "RemoteInteractiveLogonRight och DenyRemoteInteractiveLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the NetworkLogonRight and " +-#~ "DenyNetworkLogonRight policy settings." 
+-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna " +-#~ "NetworkLogonRight och DenyNetworkLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +-#~ "policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna BatchLogonRight " +-#~ "och DenyBatchLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the ServiceLogonRight and " +-#~ "DenyServiceLogonRight policy settings." +-#~ msgstr "" +-#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +-#~ "åtkomstkontroll beräknas baserat på policyinställningarna " +-#~ "ServiceLogonRight och DenyServiceLogonRight." +- +-#~ msgid "" +-#~ "The KCM service is configured in the <quote>kcm</quote> section of the " +-#~ "sssd.conf file. Please note that currently, is it not sufficient to " +-#~ "restart the sssd-kcm service, because the sssd configuration is only " +-#~ "parsed and read to an internal configuration database by the sssd " +-#~ "service. Therefore you must restart the sssd service if you change " +-#~ "anything in the <quote>kcm</quote> section of sssd.conf. For a detailed " +-#~ "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +-#~ "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-#~ "manvolnum> </citerefentry> manual page." +-#~ msgstr "" +-#~ "Tjänsten KCM konfigureras i avsnittet <quote>kcm</quote> av filen sssd." +-#~ "conf file. 
Observera att för närvarande är det inte tillräckligt att " +-#~ "starta om tjänsten sssd-kcm, eftersom konfigurationen av sssd bara tolkas " +-#~ "och läses till en intern konfigurationsdatabas av tjänsten sssd. Därför " +-#~ "måste man starta om tjänsten sssd om man ändrar något i avsnittet " +-#~ "<quote>kcm</quote> av sssd.conf. för en detaljerad syntaxreferens, se " +-#~ "avsnittet <quote>FILFORMAT</quote> manualsidan <citerefentry> " +-#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-#~ "citerefentry>." +diff --git a/src/man/po/tg.po b/src/man/po/tg.po +index d723e7aa1..079c73eca 100644 +--- a/src/man/po/tg.po ++++ b/src/man/po/tg.po +@@ -5,9 +5,9 @@ + # Translators: + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:10+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" +@@ -294,9 +294,9 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Пешфарз: true" +@@ -316,16 +316,16 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Пешфарз: false" + + #. type: Content of: outside any tag (error?) +-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -354,7 +354,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Пешфарз: 10" + +@@ -652,8 +652,8 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -762,10 +762,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Пешфарз: 5" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1735,7 +1733,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Пешфарз: 0" + +@@ -1799,7 +1797,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1864,8 +1862,8 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5034,34 +5032,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5069,14 +5086,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5084,17 +5101,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5104,12 +5121,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5117,17 +5134,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5135,7 +5165,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5146,7 +5176,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5155,7 +5185,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5163,26 +5193,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5190,7 +5220,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5198,7 +5228,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5206,41 +5236,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5249,32 +5279,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5282,24 +5312,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5307,17 +5337,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5328,24 +5358,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5356,12 +5386,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5374,7 +5404,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5386,17 +5416,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5404,49 +5434,49 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Пешфарз: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5454,28 +5484,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5487,7 +5517,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5495,7 +5525,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5503,39 +5533,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5545,7 +5575,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5553,26 +5583,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5580,7 +5610,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5588,31 +5618,31 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5621,56 +5651,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -5686,12 +5716,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Намуна:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5700,14 +5730,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5716,24 +5746,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5741,19 +5771,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5762,7 +5792,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5770,7 +5800,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5779,7 +5809,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5787,22 +5817,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5812,14 +5842,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5832,12 +5862,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5847,7 +5877,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5857,63 +5887,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5922,74 +5952,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6000,7 +6030,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6008,24 +6038,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6042,12 +6072,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6055,36 +6085,36 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6092,14 +6122,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6109,101 +6139,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6212,59 +6242,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6273,22 +6303,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6297,14 +6327,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "НАМУНА" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6312,7 +6342,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6325,27 +6355,27 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6361,13 +6391,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "ЭЗОҲҲО" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7897,7 +7927,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7912,7 +7942,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7927,12 +7957,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7953,12 +7983,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7982,17 +8012,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8000,7 +8030,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8027,7 +8057,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8040,12 +8070,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -8064,60 +8094,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8231,26 +8261,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9690,9 +9720,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9702,19 +9748,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. 
This option is " +@@ -9724,12 +9770,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9737,7 +9783,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9752,7 +9798,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9761,7 +9807,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9769,7 +9815,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9779,7 +9825,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) 
is used, because these attributes " +@@ -13898,10 +13944,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Пешфарз: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13917,10 +13961,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Пешфарз: 6" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +diff --git a/src/man/po/uk.po b/src/man/po/uk.po +index 16d288464..1c706cc16 100644 +--- a/src/man/po/uk.po ++++ b/src/man/po/uk.po +@@ -12,10 +12,10 @@ + # Yuri Chornoivan <yurchor@ukr.net>, 2019. #zanata + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" +-"PO-Revision-Date: 2019-06-14 04:59+0000\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" ++"PO-Revision-Date: 2019-12-03 01:50+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/" + "uk/)\n" +@@ -362,9 +362,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "Типове значення: true" +@@ -387,16 +387,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "Типове значення: false" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -429,7 +429,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "Типове значення: 10" + +@@ -642,10 +642,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:322 +-#, fuzzy +-#| msgid "krb5_use_kdcinfo (boolean)" + msgid "monitor_resolv_conf (boolean)" +-msgstr "krb5_use_kdcinfo (булеве значення)" ++msgstr "monitor_resolv_conf (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:325 +@@ -653,6 +651,8 @@ msgid "" + "Controls if SSSD should monitor the state of resolv.conf to identify when it " + "needs to update its internal DNS resolver." + msgstr "" ++"Керує тим, чи SSSD має спостерігати за станом resolv.conf для визначення " ++"моменту, коли слід оновити дані вбудованого інструмента визначення DNS." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:335 +@@ -661,20 +661,13 @@ msgstr "try_inotify (булеве значення)" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:338 +-#, fuzzy +-#| msgid "" +-#| "SSSD monitors the state of resolv.conf to identify when it needs to " +-#| "update its internal DNS resolver. By default, we will attempt to use " +-#| "inotify for this, and will fall back to polling resolv.conf every five " +-#| "seconds if inotify cannot be used." + msgid "" + "By default, SSSD will attempt to use inotify to monitor configuration files " + "changes and will fall back to polling every five seconds if inotify cannot " + "be used." + msgstr "" +-"SSSD спостерігає за станом resolv.conf для визначення моменту, коли слід " +-"оновити дані вбудованого інструменту визначення DNS. Типово, з цією метою " +-"використовується inotify. У разі неможливості використання inotify, " ++"Типово, з метою спостереження за змінами у файлах налаштувань SSSD " ++"намагається використати inotify. Якщо використати inotify не вдається, " + "виконуватиметься опитування resolv.conf кожні п’ять секунд." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +@@ -794,13 +787,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:420 +-#, fuzzy +-#| msgid "" +-#| "Please note that if this option is set all users from the primary domain " +-#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +-#| "Setting this option changes default of use_fully_qualified_names to True. " +-#| "It is not allowed to use this option together with " +-#| "use_fully_qualified_names set to False." + msgid "" + "Please note that if this option is set all users from the primary domain " + "have to use their fully qualified name, e.g. user@domain.name, to log in. 
" +@@ -811,16 +797,20 @@ msgid "" + "nss_files and therefore their output is not qualified even when the " + "default_domain_suffix option is used." + msgstr "" +-"Будь ласка, зауважте, що якщо встановлено цей параметр, для усіх " +-"користувачів із основного домену доведеться використовувати ім’я повністю, " +-"тобто користувач@назва.домену, для входу до системи. Встановлення цього " +-"параметра змінює типове значення use_fully_qualified_names на True. Цей " +-"параметр не можна використовувати у поєднанні із значенням " +-"use_fully_qualified_names рівним False." ++"Будь ласка, зауважте, що якщо встановлено цей параметр, для входу до системи " ++"усім користувачам із основного домену доведеться використовувати повне ім'я " ++"користувача — користувач@назва.домену. Встановлення цього параметра змінює " ++"типове значення параметра use_fully_qualified_names на True. Цей параметр не " ++"можна використовувати у поєднанні із встановленням для параметра " ++"use_fully_qualified_names значення False. Єдиним виключенням з цього правила " ++"є домени із <quote>id_provider=files</quote>, для яких завжди виконується " ++"спроба встановлення поведінки, як відповідає nss_files, а отже, виведені " ++"імена для них не будуть повними, навіть якщо використано параметр " ++"default_domain_suffix." + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -890,15 +880,13 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:483 +-#, fuzzy +-#| msgid "no_ocsp" + msgid "soft_ocsp" +-msgstr "no_ocsp" ++msgstr "soft_ocsp" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:485 sssd.conf.5.xml:585 + msgid "(NSS Version) This option is ignored." +-msgstr "" ++msgstr "(Версія для NSS) Цей параметр буде проігноровано." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:488 +@@ -908,11 +896,15 @@ msgid "" + "authentication when the system is offline and the OCSP responder cannot be " + "reached." + msgstr "" ++"(Версія для OpenSSL) Якщо не вдасться встановити з'єднання із відповідачем " ++"OCSP, перевірку OCSP буде пропущено. Цим параметром слід користуватися для " ++"того, щоб дозволити розпізнавання тоді, коли система працює автономно, отже " ++"відповідач OCSP є недоступним." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:498 + msgid "ocsp_dgst" +-msgstr "" ++msgstr "ocsp_dgst" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:500 +@@ -920,39 +912,41 @@ msgid "" + "Digest (hash) function used to create the certificate ID for the OCSP " + "request. Allowed values are:" + msgstr "" ++"Функція обчислення контрольної суми (хешу), яку буде використано для " ++"створення ідентифікатора сертифіката для запиту OCSP. Можливі значення:" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:504 + msgid "sha1" +-msgstr "" ++msgstr "sha1" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:505 + msgid "sha256" +-msgstr "" ++msgstr "sha256" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:506 + msgid "sha384" +-msgstr "" ++msgstr "sha384" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd.conf.5.xml:507 + msgid "sha512" +-msgstr "" ++msgstr "sha512" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 5" + msgid "Default: sha256" +-msgstr "Типове значення: 5" ++msgstr "Типове значення: sha256" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 + msgid "" + "(NSS Version) This option is ignored, because NSS uses sha1 unconditionally." + msgstr "" ++"(Версія для NSS) Цей параметр буде проігноровано, оскільки у NSS завжди " ++"використовується sha1." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:518 +@@ -1059,7 +1053,7 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> + #: sssd.conf.5.xml:583 + msgid "soft_crl" +-msgstr "" ++msgstr "soft_crl" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:588 +@@ -1069,6 +1063,10 @@ msgid "" + "allow authentication when the system is offline and the CRL cannot be " + "renewed." + msgstr "" ++"(Версія для OpenSSL) Якщо строк дії списку відкликання сертифікатів (CRL) " ++"вичерпано, перевірки CRL для відповідних сертифікатів буде проігноровано. " ++"Цим параметром слід користуватися для уможливлення розпізнавання у системах, " ++"які працюють у автономному режимі, коли оновлення CRL є неможливим." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:468 +@@ -2157,7 +2155,7 @@ msgstr "" + "<emphasis>pwd_expiration_warning</emphasis> для окремого домену." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "Типове значення: 0" + +@@ -2236,7 +2234,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "Типове значення: none" + +@@ -2315,8 +2313,8 @@ msgstr "" + "розпізнавання, типово таку сертифікацію вимкнено." + + #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "Типове значення: False" +@@ -2696,10 +2694,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1751 +-#, fuzzy +-#| msgid "ldap_user_certificate (string)" + msgid "ssh_use_certificate_matching_rules (string)" +-msgstr "ldap_user_certificate (рядок)" ++msgstr "ssh_use_certificate_matching_rules (рядок)" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1754 +@@ -2710,6 +2706,12 @@ msgid "" + "comma separated list of mapping and matching rule names. All other rules " + "will be ignored." + msgstr "" ++"Типово, відповідач SSH буде використовувати усі доступні правила " ++"встановлення відповідності сертифікатів для фільтрування сертифікатів, тому " ++"ключі SSH будуть створюватися лише на основі відповідних правилам " ++"сертифікатів. За допомогою цього параметра можна обмежити перелік " ++"використаних правил на основі списку назв правил прив'язки і відповідності, " ++"відокремлених комами. Усі інші правила буде проігноровано." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1763 +@@ -2717,13 +2719,14 @@ msgid "" + "If a non-existing rule name is given all rules will be ignored and all " + "available certificates will be used to derive ssh keys." 
+ msgstr "" ++"Якщо буде вказано назву правила, якого не існує, буде проігноровано усі " ++"правила, а для створення ключів SSH буде використано усі доступні " ++"сертифікати." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1768 +-#, fuzzy +-#| msgid "Default: not set (spaces will not be replaced)" + msgid "Default: not set, all found rules are used" +-msgstr "Типове значення: не встановлено (пробіли не замінятимуться)" ++msgstr "Типове значення: не встановлено, буде використано усі знайдені правила" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> + #: sssd.conf.5.xml:1773 +@@ -3389,15 +3392,16 @@ msgid "" + "user, typically ran at login) operation in the past, both the user entry " + "and the group membership are updated." + msgstr "" ++"Під час фонового оновлення виконуватиметься обробка записів користувачів, " ++"груп та мережевих груп у кеші. для записів користувачів, для яких " ++"виконувалися дії з ініціювання груп (отримання даних щодо участі користувача " ++"у групах, які типово виконуються під час входу до системи), буде оновлено і " ++"запис користувача, і дані щодо участі у групах." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2263 +-#, fuzzy +-#| msgid "" +-#| "This option specifies the maximum allowed number of nested containers." + msgid "This option is automatically inherited for all trusted domains." +-msgstr "" +-"Цей параметр визначає максимальну дозволену кількість вкладених контейнерів." ++msgstr "Цей параметр автоматично успадковується для усіх довірених доменів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:2267 +@@ -4646,13 +4650,6 @@ msgstr "hybrid" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3205 +-#, fuzzy +-#| msgid "" +-#| "A primary group is autogenerated for user entries whose UID and GID " +-#| "numbers have the same value and at the same time the GID number does not " +-#| "correspond to a real group object in LDAP If the values are the same, but " +-#| "the primary GID in the user entry is also used by a group object, the " +-#| "primary GID of the user resolves to that group object." + msgid "" + "A primary group is autogenerated for user entries whose UID and GID numbers " + "have the same value and at the same time the GID number does not correspond " +@@ -5410,12 +5407,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3693 +-#, fuzzy +-#| msgid "" +-#| "With the growing number of authentication methods and the possibility " +-#| "that there are multiple ones for a single user the heuristic used by " +-#| "pam_sss to select the prompting might not be suitable for all use cases. " +-#| "To following options should provide a better flexibility here." + msgid "" + "With the growing number of authentication methods and the possibility that " + "there are multiple ones for a single user the heuristic used by pam_sss to " +@@ -5484,11 +5475,6 @@ msgstr "single_prompt" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:3730 +-#, fuzzy +-#| msgid "" +-#| "boolean value, if True there will be only a single prompt using the value " +-#| "of first_prompt where it is expected that both factor are entered as a " +-#| "single string" + msgid "" + "boolean value, if True there will be only a single prompt using the value of " + "first_prompt where it is expected that both factors are entered as a single " +@@ -5509,12 +5495,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3700 +-#, fuzzy +-#| msgid "" +-#| "Each supported authentication method has it's own configuration sub-" +-#| "section under <quote>[prompting/...]</quote>. Currently there are: " +-#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#| "\"variablelist\" id=\"1\"/>" + msgid "" + "Each supported authentication method has its own configuration subsection " + "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type=" +@@ -5527,11 +5507,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.conf.5.xml:3742 +-#, fuzzy +-#| msgid "" +-#| "It is possible to add a sub-section for specific PAM services like e.g. " +-#| "<quote>[prompting/password/sshd]</quote> to individual change the " +-#| "prompting for this service." + msgid "" + "It is possible to add a subsection for specific PAM services, e.g. " + "<quote>[prompting/password/sshd]</quote> to individual change the prompting " +@@ -6341,17 +6316,38 @@ msgstr "" + "дії TGT)." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "Типове значення: 900 (15 хвилин)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++#, fuzzy ++#| msgid "ldap_connection_expire_timeout (integer)" ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "ldap_connection_expire_timeout (ціле значення)" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "ldap_page_size (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." +@@ -6361,17 +6357,17 @@ msgstr "" + "один запит." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "Типове значення: 1000" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "ldap_disable_paging (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -6382,7 +6378,7 @@ msgstr "" + "RootDSE, але цю підтримку не увімкнено або вона не працює належним чином." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." +@@ -6392,7 +6388,7 @@ msgstr "" + "підтримкою не можна скористатися." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -6403,17 +6399,17 @@ msgstr "" + "це може призвести до відмови у виконанні запитів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "ldap_disable_range_retrieval (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." 
+ msgstr "Вимкнути отримання діапазону Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -6429,12 +6425,12 @@ msgstr "" + "буде представлено як такі, у яких немає учасників." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "ldap_sasl_minssf (ціле значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -6445,19 +6441,42 @@ msgstr "" + "параметра визначається OpenLDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + "Типове значення: типове для системи значення (зазвичай, визначається у ldap." + "conf)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++#, fuzzy ++#| msgid "ldap_sasl_minssf (integer)" ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "ldap_sasl_minssf (ціле значення)" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++#, fuzzy ++#| msgid "" ++#| "When communicating with an LDAP server using SASL, specify the minimum " ++#| "security level necessary to establish the connection. The values of this " ++#| "option are defined by OpenLDAP." ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++"Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний " ++"рівень захисту, потрібний для встановлення з’єднання. Значення цього " ++"параметра визначається OpenLDAP." ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "ldap_deref_threshold (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -6469,7 +6488,7 @@ msgstr "" + "виконуватиметься окремо." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. " + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -6487,7 +6506,7 @@ msgstr "" + "rootDSE." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. 
Different LDAP servers may implement different dereference " +@@ -6500,7 +6519,7 @@ msgstr "" + "OpenLDAP та Active Directory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -6511,12 +6530,12 @@ msgstr "" + "незалежно від використання цього параметра." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "ldap_tls_reqcert (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" +@@ -6526,7 +6545,7 @@ msgstr "" + "таких значень:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." +@@ -6535,7 +6554,7 @@ msgstr "" + "жодних сертифікатів сервера." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6547,7 +6566,7 @@ msgstr "" + "режимі." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -6558,7 +6577,7 @@ msgstr "" + "надано помилковий сертифікат, негайно перервати сеанс." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -6569,22 +6588,22 @@ msgstr "" + "перервати сеанс." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "Типове значення: hard" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "ldap_tls_cacert (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." +@@ -6593,7 +6612,7 @@ msgstr "" + "розпізнаються <command>sssd</command>." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" +@@ -6602,12 +6621,12 @@ msgstr "" + "у <filename>/etc/openldap/ldap.conf</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "ldap_tls_cacertdir (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -6620,32 +6639,32 @@ msgstr "" + "<command>cacertdir_rehash</command>, якщо ця програма є доступною." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "ldap_tls_cert (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "Визначає файл, який містить сертифікат для ключа клієнта." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "ldap_tls_key (рядок)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "Визначає файл, у якому міститься ключ клієнта." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "ldap_tls_cipher_suite (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -6657,12 +6676,12 @@ msgstr "" + "<manvolnum>5</manvolnum></citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "ldap_id_use_start_tls (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." +@@ -6671,12 +6690,12 @@ msgstr "" + "class=\"protocol\">tls</systemitem> для захисту каналу." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "ldap_id_mapping (булеве значення)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -6688,19 +6707,19 @@ msgstr "" + "ldap_group_gid_number." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + "У поточній версії у цій можливості передбачено підтримку лише встановлення " + "відповідності objectSID у ActiveDirectory." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "ldap_min_id, ldap_max_id (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -6720,18 +6739,18 @@ msgstr "" + "ідентифікаторів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + "Типове значення: не встановлено (обидва параметри встановлено у значення 0)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "ldap_sasl_mech (рядок)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." +@@ -6740,7 +6759,7 @@ msgstr "" + "перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -6758,12 +6777,12 @@ msgstr "" + "manvolnum></citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "ldap_sasl_authid (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -6783,7 +6802,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -6804,17 +6823,17 @@ msgstr "" + "таблиці ключів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "ldap_sasl_realm (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -6826,17 +6845,17 @@ msgstr "" + "проігноровано." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "Типове значення: значення krb5_realm." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "ldap_sasl_canonicalize (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." +@@ -6846,36 +6865,36 @@ msgstr "" + "SASL." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "Типове значення: false;" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "ldap_krb5_keytab (рядок)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI/GSS-" + "SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5." + "keytab</filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "ldap_krb5_init_creds (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -6886,12 +6905,12 @@ msgstr "" + "механізм GSSAPI або GSS-SPNEGO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "ldap_krb5_ticket_lifetime (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" +@@ -6899,17 +6918,17 @@ msgstr "" + "SPNEGO." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "Типове значення: 86400 (24 години)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "krb5_server, krb5_backup_server (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -6928,7 +6947,7 @@ msgstr "" + "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -6940,7 +6959,7 @@ msgstr "" + "вдасться знайти." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -6951,30 +6970,30 @@ msgstr "" + "варто перейти на використання «krb5_server» у файлах налаштувань." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "krb5_realm (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" + "filename>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "krb5_canonicalize (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" +@@ -6984,12 +7003,12 @@ msgstr "" + "версії MIT Kerberos >= 1.7" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "krb5_use_kdcinfo (булеве значення)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -7004,7 +7023,7 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -7015,12 +7034,12 @@ msgstr "" + "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "ldap_pwd_policy (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" +@@ -7029,7 +7048,7 @@ msgstr "" + "використовувати такі значення:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." +@@ -7038,7 +7057,7 @@ msgstr "" + "разі використання цього варіанта перевірку на боці сервера вимкнено не буде." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -7049,7 +7068,7 @@ msgstr "" + "manvolnum></citerefentry> для визначення того, чи чинним є пароль." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -7060,7 +7079,7 @@ msgstr "" + "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." +@@ -7070,18 +7089,18 @@ msgstr "" + "встановленими за допомогою цього параметра." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "ldap_referrals (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." +@@ -7090,7 +7109,7 @@ msgstr "" + "з версією OpenLDAP 2.4.13 або новішою версією." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -7104,28 +7123,28 @@ msgstr "" + "«false» може значно пришвидшити роботу." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "ldap_dns_service_name (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + "Визначає назву служби, яку буде використано у разі вмикання визначення служб." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "Типове значення: ldap" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "ldap_chpass_dns_service_name (рядок)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." +@@ -7134,17 +7153,17 @@ msgstr "" + "уможливлює зміну паролів, у разі вмикання визначення служб." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "ldap_chpass_update_last_change (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." +@@ -7153,12 +7172,12 @@ msgstr "" + "щодо кількості днів з часу виконання дії зі зміни пароля." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "ldap_access_filter (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. It specifies an LDAP search filter criteria that " +@@ -7187,12 +7206,12 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." 
+ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "Приклад:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -7204,7 +7223,7 @@ msgstr "" + " " + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." +@@ -7213,7 +7232,7 @@ msgstr "" + "employeeType встановлено у значення «admin»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -7227,17 +7246,17 @@ msgstr "" + "таких прав не було надано, у автономному режимі їх також не буде надано." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "Типове значення: порожній рядок" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "ldap_account_expire_policy (рядок)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." +@@ -7246,7 +7265,7 @@ msgstr "" + "керування доступом на боці клієнта." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -7257,12 +7276,12 @@ msgstr "" + "з відповідним кодом помилки, навіть якщо вказано правильний пароль." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "Можна використовувати такі значення:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." +@@ -7271,7 +7290,7 @@ msgstr "" + "визначити, чи завершено строк дії облікового запису." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -7284,7 +7303,7 @@ msgstr "" + "Також буде перевірено, чи не вичерпано строк дії облікового запису." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -7295,7 +7314,7 @@ msgstr "" + "ldap_ns_account_lock." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -7308,7 +7327,7 @@ msgstr "" + "атрибутів, надати доступ." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -7319,24 +7338,24 @@ msgstr "" + "користуватися параметром ldap_account_expire_policy." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "ldap_access_order (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + "Список відокремлених комами параметрів керування доступом. Можливі значення " + "списку:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7351,7 +7370,7 @@ msgstr "" + "для працездатності цієї можливості слід встановити «access_provider = ldap»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" +@@ -7361,7 +7380,7 @@ msgstr "" + "emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -7384,13 +7403,13 @@ msgstr "" + "параметра слід встановити значення «access_provider = ldap»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -7405,7 +7424,7 @@ msgstr "" + "наприклад на ключах SSH." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -7420,7 +7439,7 @@ msgstr "" + "негайно змінити пароль." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" +@@ -7428,7 +7447,7 @@ msgstr "" + "від SSSD не надходитиме." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +@@ -7438,7 +7457,7 @@ msgstr "" + "параметра «ldap_pwd_policy» відповідні правила поводження із паролями." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" +@@ -7447,14 +7466,14 @@ msgstr "" + "можливості доступу атрибут authorizedService" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " + "права доступу" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" +@@ -7463,7 +7482,7 @@ msgstr "" + "того, чи матиме віддалений вузол доступ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" +@@ -7473,12 +7492,12 @@ msgstr "" + "керування доступом." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "Типове значення: filter" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." +@@ -7487,12 +7506,12 @@ msgstr "" + "використано декілька разів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "ldap_pwdlockout_dn (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -7506,22 +7525,22 @@ msgstr "" + "можна буде перевірити належним чином." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "ldap_deref (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" +@@ -7530,13 +7549,13 @@ msgstr "" + "пошуку. Можливі такі варіанти:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." +@@ -7546,7 +7565,7 @@ msgstr "" + "пошуку." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." +@@ -7555,7 +7574,7 @@ msgstr "" + "під час визначення місця основного об’єкта пошуку." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." +@@ -7564,7 +7583,7 @@ msgstr "" + "час пошуку, так і під час визначення місця основного об’єкта пошуку." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" +@@ -7573,12 +7592,12 @@ msgstr "" + "сценарієм <emphasis>never</emphasis>)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." +@@ -7587,7 +7606,7 @@ msgstr "" + "серверів, у яких використовується схема RFC2307." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -7605,7 +7624,7 @@ msgstr "" + "користувачів за допомогою виклику getpw*() або initgroups()." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -7617,12 +7636,12 @@ msgstr "" + "групами LDAP." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "wildcard_limit (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." +@@ -7631,26 +7650,19 @@ msgstr "" + "пошуку з використанням символів-замінників." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + "У поточній версії пошук із використанням символів-замінників передбачено " + "лише для відповідача InfoPipe." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "Типове значення: 1000 (часто розмір однієї сторінки)" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap.5.xml:51 +-#, fuzzy +-#| msgid "" +-#| "All of the common configuration options that apply to SSSD domains also " +-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " +-#| "<placeholder type=\"variablelist\" id=\"0\"/>" + msgid "" + "All of the common configuration options that apply to SSSD domains also " + "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +@@ -7663,16 +7675,19 @@ msgstr "" + "Всі загальні параметри налаштування, які стосуються доменів SSSD, також " + "стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки " + "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. " +-"<placeholder type=\"variablelist\" id=\"0\"/>" ++"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. Зауважте, що " ++"атрибути прив'язки до LDAP SSSD описано на сторінці підручника щодо " ++"<citerefentry> <refentrytitle>sssd-ldap-attributes</refentrytitle> " ++"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" " ++"id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "ПАРАМЕТРИ SUDO" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -7683,12 +7698,12 @@ msgstr "" + "<manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "ldap_sudo_full_refresh_interval (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." +@@ -7698,7 +7713,7 @@ msgstr "" + "набір правил, що зберігаються на сервері." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" +@@ -7707,17 +7722,17 @@ msgstr "" + "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "Типове значення: 21600 (6 годин)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "ldap_sudo_smart_refresh_interval (ціле число)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -7728,7 +7743,7 @@ msgstr "" + "правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." +@@ -7737,7 +7752,7 @@ msgstr "" + "дані атрибута modifyTimestamp." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -7753,12 +7768,12 @@ msgstr "" + "emphasis>)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "ldap_sudo_use_host_filter (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." +@@ -7768,12 +7783,12 @@ msgstr "" + "назв вузлів)." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "ldap_sudo_hostnames (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." +@@ -7782,7 +7797,7 @@ msgstr "" + "фільтрування списку правил." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." +@@ -7791,8 +7806,8 @@ msgstr "" + "назву вузла та повну назву комп’ютера у домені у автоматичному режимі." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." +@@ -7801,17 +7816,17 @@ msgstr "" + "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "Типове значення: не вказано" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "ldap_sudo_ip (рядок)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." +@@ -7820,7 +7835,7 @@ msgstr "" + "правил." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." +@@ -7829,12 +7844,12 @@ msgstr "" + "адресу у автоматичному режимі." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "ldap_sudo_include_netgroups (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." +@@ -7843,12 +7858,12 @@ msgstr "" + "мережеву групу (netgroup) у атрибуті sudoHost." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "ldap_sudo_include_regexp (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." +@@ -7857,7 +7872,7 @@ msgstr "" + "заміни у атрибуті sudoHost." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" +@@ -7866,7 +7881,7 @@ msgstr "" + "для сервера LDAP!" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -7879,12 +7894,12 @@ msgstr "" + "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "ПАРАМЕТРИ AUTOFS" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." +@@ -7893,47 +7908,47 @@ msgstr "" + "LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "ldap_autofs_map_master_name (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "Назва основної карти автоматичного монтування у LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "Типове значення: auto.master" + + #. 
type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "ДОДАТКОВІ ПАРАМЕТРИ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "ldap_netgroup_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "ldap_user_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "ldap_group_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "<note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -7946,22 +7961,22 @@ msgstr "" + "груп показуються неправильно." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "</note>" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "ldap_sudo_search_base (рядок)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "ldap_autofs_search_base (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -7974,14 +7989,14 @@ msgstr "" + "<placeholder type=\"variablelist\" id=\"1\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "ПРИКЛАД" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -7992,7 +8007,7 @@ msgstr "" + "<replaceable>[domains]</replaceable>." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -8012,20 +8027,20 @@ msgstr "" + "cache_credentials = true\n" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." +@@ -8034,7 +8049,7 @@ msgstr "" + "чином і використано ldap_access_order=lockout." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -8060,13 +8075,13 @@ msgstr "" + "cache_credentials = true\n" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "ЗАУВАЖЕННЯ" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -10001,7 +10016,7 @@ msgstr "" + "цього вузла. Назву вузла слід вказувати повністю." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "dyndns_update (булеве значення)" + +@@ -10021,7 +10036,7 @@ msgstr "" + "допомогою параметра «dyndns_iface»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -10042,12 +10057,12 @@ msgstr "" + "назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "dyndns_ttl (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -10074,12 +10089,12 @@ msgid "Default: 1200 (seconds)" + msgstr "Типове значення: 1200 (секунд)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "dyndns_iface (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -10112,17 +10127,17 @@ msgstr "" + "для з’єднання LDAP IPA" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "dyndns_auth (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -10133,7 +10148,7 @@ msgstr "" + "можна надсилати встановленням для цього параметра значення «none»." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "Типове значення: GSS-TSIG" + +@@ -10168,7 +10183,7 @@ msgstr "" + "вважатимуться резервними серверами." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "dyndns_refresh_interval (ціле число)" + +@@ -10185,12 +10200,12 @@ msgstr "" + "є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "dyndns_update_ptr (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. Applicable only when dyndns_update is true." +@@ -10214,12 +10229,12 @@ msgid "Default: False (disabled)" + msgstr "Типове значення: False (вимкнено)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "dyndns_force_tcp (булеве значення)" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." +@@ -10228,17 +10243,17 @@ msgstr "" + "даними з сервером DNS." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "dyndns_server (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." +@@ -10248,7 +10263,7 @@ msgstr "" + "параметра." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." +@@ -10257,7 +10272,7 @@ msgstr "" + "DNS відрізняється від сервера профілів." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." +@@ -10267,17 +10282,17 @@ msgstr "" + "невдало." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "dyndns_update_per_family (булеве значення)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -10410,12 +10425,12 @@ msgstr "" + "перетворено у основний DN для виконання дій LDAP." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "krb5_confd_path (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." 
+@@ -10424,7 +10439,7 @@ msgstr "" + "налаштувань Kerberos." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." +@@ -10433,7 +10448,7 @@ msgstr "" + "значення «none»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -11500,11 +11515,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:359 +-#, fuzzy +-#| msgid "" +-#| "GPO-based access control functionality uses GPO policy settings to " +-#| "determine whether or not a particular user is allowed to logon to a " +-#| "particular host." + msgid "" + "GPO-based access control functionality uses GPO policy settings to determine " + "whether or not a particular user is allowed to logon to the host. For more " +@@ -11513,7 +11523,9 @@ msgid "" + msgstr "" + "Функціональні можливості з керування доступом на основі GPO використовують " + "параметри правил GPO для визначення того, може чи не може той чи інший " +-"користувач увійти до системи певного вузла мережі." ++"користувач увійти до системи вузла мережі. Якщо вам потрібна докладніша " ++"інформація щодо підтримуваних параметрів правил, зверніться до параметрів " ++"<quote>ad_gpo_map</quote>." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:367 +@@ -11523,6 +11535,11 @@ msgid "" + "S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " + "upstream issue tracker https://pagure.io/SSSD/sssd/issue/4099 ." 
+ msgstr "" ++"Будь ласка, зверніть увагу на те, що у поточній версії SSSD не передбачено " ++"підтримки вбудованих груп Active Directory. Вбудовані групи до правил " ++"керування доступом на основі GPO (зокрема Administrators із SID " ++"S-1-5-32-544) SSSD просто ігноруватиме. Див. запис системи стеження за " ++"вадами https://pagure.io/SSSD/sssd/issue/4099 ." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:376 +@@ -11533,6 +11550,11 @@ msgid "" + "a user, the user or at least one of the groups to which it belongs must have " + "following permissions on the GPO:" + msgstr "" ++"Перед виконанням керування доступом SSSD застосовує захисне фільтрування на " ++"основі правил груп до списку GPO. Для кожного входу користувача до системи " ++"програма перевіряє застосовність GPO, які пов'язано із відповідним вузлом. " ++"Щоб GPO можна було застосувати до користувача, користувач або принаймні одна " ++"з груп, до яких він належить, повинен мати такі права доступу до GPO:" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd-ad.5.xml:386 +@@ -11540,6 +11562,8 @@ msgid "" + "Read: The user or one of its groups must have read access to the properties " + "of the GPO (RIGHT_DS_READ_PROPERTY)" + msgstr "" ++"Read: користувач або одна з його груп повинна мати доступ до читання " ++"властивостей GPO (RIGHT_DS_READ_PROPERTY)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> + #: sssd-ad.5.xml:393 +@@ -11547,6 +11571,8 @@ msgid "" + "Apply Group Policy: The user or at least one of its groups must be allowed " + "to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." + msgstr "" ++"Apply Group Policy: користувач або принаймні одна з його груп повинна мати " ++"доступ до застосування GPO (RIGHT_DS_CONTROL_ACCESS)." + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:401 +@@ -11557,6 +11583,11 @@ msgid "" + "and access control are started, the Authenticated Users group permissions on " + "the GPO always apply also to the user." + msgstr "" ++"Типово, у GPO є група Authenticated Users, для якої встановлено одразу права " ++"доступу Read та Apply Group Policy. Оскільки розпізнавання користувача має " ++"бути успішно завершено до захисного фільтрування GPO і запуску керування " ++"доступом, до облікового запису користувача завжди застосовуються права " ++"доступу групи Authenticated Users щодо GPO." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:410 +@@ -11572,16 +11603,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:417 +-#, fuzzy +-#| msgid "" +-#| "NOTE: If the operation mode is set to enforcing, it is possible that " +-#| "users that were previously allowed logon access will now be denied logon " +-#| "access (as dictated by the GPO policy settings). In order to facilitate a " +-#| "smooth transition for administrators, a permissive mode is available that " +-#| "will not enforce the access control rules, but will evaluate them and " +-#| "will output a syslog message if access would have been denied. By " +-#| "examining the logs, administrators can then make the necessary changes " +-#| "before setting the mode to enforcing." + msgid "" + "NOTE: If the operation mode is set to enforcing, it is possible that users " + "that were previously allowed logon access will now be denied logon access " +@@ -11603,7 +11624,10 @@ msgstr "" + "відповідність цим правилам і виводитиме до системного журналу повідомлення, " + "якщо доступ було надано усупереч цим правилам. 
Вивчення журналу надасть " + "змогу адміністраторам внести відповідні зміни до встановлення примусового " +-"режиму (enforcing)." ++"режиму (enforcing). Для запису до журналу даних керування доступом на основі " ++"GPO потрібен рівень діагностики «trace functions» (див. сторінку підручника " ++"<citerefentry> <refentrytitle>sssctl</refentrytitle> <manvolnum>8</" ++"manvolnum> </citerefentry>)." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:436 +@@ -11728,6 +11752,19 @@ msgid "" + "local access only, if it or at least one of its groups is part of the policy " + "settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"InteractiveLogonRight і DenyInteractiveLogonRight. Виконуватиметься оцінка " ++"лише тих GPO, до яких користувач має права доступу Read і Apply Group Policy " ++"(див. параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із " ++"оброблених GPO міститься параметр заборони інтерактивного входу до системи " ++"для користувача або однієї з його груп, користувачеві буде заборонено " ++"локальний доступ. Якщо для жодного із оброблених GPO немає визначеного права " ++"на інтерактивний вхід до системи, користувачеві буде надано локальний " ++"доступ. Якщо хоча б одному зі оброблених GPO містяться параметри прав на " ++"інтерактивний вхід до системи, користувачеві буде надано лише локальний " ++"доступ, якщо він або принаймні одна з його груп є частиною параметрів " ++"правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:549 +@@ -11818,6 +11855,19 @@ msgid "" + "settings, the user is granted remote access only, if it or at least one of " + "its groups is part of the policy settings." 
+ msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"RemoteInteractiveLogonRight і DenyRemoteInteractiveLogonRight. " ++"Виконуватиметься оцінка лише тих GPO, до яких користувач має права доступу " ++"Read і Apply Group Policy (див. параметр <quote>ad_gpo_access_control</" ++"quote>). Якщо у якомусь із оброблених GPO міститься параметр заборони " ++"віддаленого входу до системи для користувача або однієї з його груп, " ++"користувачеві буде заборонено віддалений інтерактивний доступ. Якщо для " ++"жодного із оброблених GPO немає визначеного права на віддалений вхід до " ++"системи, користувачеві буде надано віддалений доступ. Якщо хоча б одному зі " ++"оброблених GPO містяться параметри прав на віддалений вхід до системи, " ++"користувачеві буде надано лише віддалений доступ, якщо він або принаймні " ++"одна з його груп є частиною параметрів правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:657 +@@ -11890,6 +11940,19 @@ msgid "" + "logon access only, if it or at least one of its groups is part of the policy " + "settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"NetworkLogonRight і DenyNetworkLogonRight. Виконуватиметься оцінка лише тих " ++"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. " ++"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " ++"GPO міститься параметр заборони входу до системи за допомогою мережі для " ++"користувача або однієї з його груп, користувачеві буде заборонено локальний " ++"доступ. Якщо для жодного із оброблених GPO немає визначеного права на вхід " ++"до системи за допомогою мережі, користувачеві буде надано доступ до входу. 
" ++"Якщо хоча б одному зі оброблених GPO містяться параметри прав на вхід до " ++"системи за допомогою мережі, користувачеві буде надано лише доступ до входу " ++"до системи, якщо він або принаймні одна з його груп є частиною параметрів " ++"правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:715 +@@ -11961,6 +12024,19 @@ msgid "" + "settings, the user is granted logon access only, if it or at least one of " + "its groups is part of the policy settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"BatchLogonRight і DenyBatchLogonRight. Виконуватиметься оцінка лише тих GPO, " ++"до яких користувач має права доступу Read і Apply Group Policy (див. " ++"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " ++"GPO міститься параметр заборони пакетного входу до системи для користувача " ++"або однієї з його груп, користувачеві буде заборонено доступ до пакетного " ++"входу до системи. Якщо для жодного із оброблених GPO немає визначеного права " ++"на пакетний вхід до системи, користувачеві буде надано доступ до входу до " ++"системи. Якщо хоча б одному зі оброблених GPO містяться параметри прав на " ++"пакетний вхід до системи, користувачеві буде надано лише доступ до входу до " ++"системи, якщо він або принаймні одна з його груп є частиною параметрів " ++"правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:773 +@@ -12033,6 +12109,19 @@ msgid "" + "logon access only, if it or at least one of its groups is part of the policy " + "settings." + msgstr "" ++"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " ++"доступом на основі GPO виконуються на основі параметрів правил " ++"ServiceLogonRight і DenyServiceLogonRight. 
Виконуватиметься оцінка лише тих " ++"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. " ++"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " ++"GPO міститься параметр заборони входу до системи за допомогою служб для " ++"користувача або однієї з його груп, користувачеві буде заборонено вхід до " ++"системи за допомогою служб. Якщо для жодного із оброблених GPO немає " ++"визначеного права на вхід до системи за допомогою служб, користувачеві буде " ++"надано доступ до входу до системи. Якщо хоча б одному зі оброблених GPO " ++"містяться параметри прав на вхід до системи за допомогою служб, " ++"користувачеві буде надано лише доступ до входу до системи, якщо він або " ++"принаймні одна з його груп є частиною параметрів правила." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:826 +@@ -12266,9 +12355,27 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "Типове значення: 86400:750 (24 годин і 15 хвилин)" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++#, fuzzy ++#| msgid "ldap_id_use_start_tls (boolean)" ++msgid "ad_use_ldaps (bool)" ++msgstr "ldap_id_use_start_tls (булеве значення)" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -12284,12 +12391,12 @@ msgstr "" + "якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "Типове значення: 3600 (секунд)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" +@@ -12298,7 +12405,7 @@ msgstr "" + "для з’єднання LDAP AD" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -12315,12 +12422,12 @@ msgstr "" + "значення." + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "Типове значення: True" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. 
" +@@ -12331,7 +12438,7 @@ msgstr "" + "У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD." + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -12355,7 +12462,7 @@ msgstr "" + "ad_domain = example.com\n" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -12367,7 +12474,7 @@ msgstr "" + "ldap_account_expire_policy = ad\n" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -12379,7 +12486,7 @@ msgstr "" + "\"0\"/>" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -12394,7 +12501,7 @@ msgstr "" + "шифрування) вручну." + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13029,10 +13136,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd.8.xml:259 +-#, fuzzy +-#| msgid "" +-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +-#| "applications will not use the fast in memory cache." + msgid "" + "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " + "applications will not use the fast in-memory cache." 
+@@ -14329,11 +14432,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:518 +-#, fuzzy +-#| msgid "" +-#| "The krb5_kdcinfo_lookahead option contains two numbers seperated by a " +-#| "colon. The first number represents number of primary servers used and the " +-#| "second number specifies the number of backup servers." + msgid "" + "The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " + "The first number represents number of primary servers used and the second " +@@ -14345,12 +14443,6 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:524 +-#, fuzzy +-#| msgid "" +-#| "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +-#| "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. but no backup " +-#| "servers." + msgid "" + "For example <emphasis>10:0</emphasis> means that up to 10 primary servers " + "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +@@ -14360,7 +14452,7 @@ msgstr "" + "Наприклад, <emphasis>10:0</emphasis> означає «буде передано до 10 основних " + "серверів до <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>», але не буде " +-"передано резервні сервери." ++"передано резервні сервери" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-krb5.5.xml:533 +@@ -17497,21 +17589,15 @@ msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> + #: sssd-kcm.8.xml:61 +-#, fuzzy +-#| msgid "" +-#| "the SSSD implementation stores the ccaches in the SSSD <citerefentry> " +-#| "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </" +-#| "citerefentry> secrets store, allowing the ccaches to survive KCM server " +-#| "restarts or machine reboots." + msgid "" + "the SSSD implementation stores the ccaches in a database, typically located " + "at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " + "survive KCM server restarts or machine reboots." + msgstr "" +-"реалізація у SSSD зберігає ccache-і у сховищі реєстраційних даних " +-"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</" +-"manvolnum> </citerefentry> SSSD, що надає змогу ccache-ам переживати " +-"перезапуски сервера KCM та перезавантаження комп'ютера." ++"реалізація у SSSD зберігає дані ccache у базі даних, файл якої типово " ++"називається <replaceable>/var/lib/sss/secrets</replaceable>. За допомогою " ++"цього файла ccache зберігаються протягом періодів перезапуску сервера KCM " ++"або перезавантаження комп'ютера." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:67 +@@ -17698,28 +17784,24 @@ msgid "" + "after changing options in the <quote>kcm</quote> section of sssd.conf: " + "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" ++"Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</" ++"quote> файла sssd.conf. Будь ласка, зауважте, що оскільки активація служби " ++"KCM, зазвичай, відбувається за допомогою сокетів, після внесення змін до " ++"розділу <quote>kcm</quote> файла sssd.conf достатньо перезапустити службу " ++"<quote>sssd-kcm</quote>: <placeholder type=\"programlisting\" id=\"0\"/>" + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:175 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the files provider for <citerefentry> " +-#| "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +-#| "citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +-#| "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." + msgid "" + "The KCM service is configured in the <quote>kcm</quote> For a detailed " + "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " + "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" + "manvolnum> </citerefentry> manual page." + msgstr "" +-"На цій сторінці довідника описано налаштування засобу обробки файлів для " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться " +-"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry>." ++"Налаштування служби KCM виконують за допомогою <quote>kcm</quote>. Докладний " ++"опис синтаксичних конструкцій налаштувань наведено у розділі <quote>ФОРМАТ " ++"ФАЙЛА</quote> сторінки підручника щодо <citerefentry> <refentrytitle>sssd." ++"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:183 +@@ -17755,27 +17837,27 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:205 +-#, fuzzy +-#| msgid "max_secrets (integer)" + msgid "max_ccaches (integer)" +-msgstr "max_secrets (ціле значення)" ++msgstr "max_ccaches (ціле число)" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:208 + msgid "How many credential caches does the KCM database allow for all users." + msgstr "" ++"Скільки кешів реєстраційних може мати даних база даних KCM для усіх " ++"користувачів." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:212 + msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" + msgstr "" ++"Типове значення: 0 (без обмежень, застосовується лише квота на кількість " ++"кешів на UID)" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:217 +-#, fuzzy +-#| msgid "max_uid_secrets (integer)" + msgid "max_uid_ccaches (integer)" +-msgstr "max_uid_secrets (ціле число)" ++msgstr "max_uid_ccaches (ціле число)" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:220 +@@ -17783,20 +17865,19 @@ msgid "" + "How many credential caches does the KCM database allow per UID. This is " + "equivalent to <quote>with how many principals you can kinit</quote>." + msgstr "" ++"Скільки кешів реєстраційних може мати даних база даних KCM для окремого UID. " ++"Еквівалент значення <quote>кількість реєстраційних даних, які можна " ++"ініціювати за допомогою kinit</quote>." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 64" +-msgstr "Типове значення: 6" ++msgstr "Типове значення: 64" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +-#, fuzzy +-#| msgid "max_payload_size (integer)" + msgid "max_ccache_size (integer)" +-msgstr "max_payload_size (ціле значення)" ++msgstr "max_ccache_size (ціле число)" + + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:233 +@@ -17804,13 +17885,13 @@ msgid "" + "How big can a credential cache be per ccache. Each service ticket accounts " + "into this quota." + msgstr "" ++"Наскільки великим може бути кеш реєстраційних даних окремого ccache. Ця " ++"квота обчислюється для усіх квитків служб разом." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 6" + msgid "Default: 65536" +-msgstr "Типове значення: 6" ++msgstr "Типове значення: 65536" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -17988,13 +18069,7 @@ msgstr "Зондує функцію sdap_get_generic_ext_send()." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:152 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "base:string\n" +-#| "scope:integer\n" +-#| "filter:string\n" +-#| "probestr:string\n" +-#| " " ++#, no-wrap + msgid "" + "base:string\n" + "scope:integer\n" +@@ -18006,6 +18081,7 @@ msgstr "" + "base:рядок\n" + "scope:ціле число\n" + "filter:рядок\n" ++"attrs:рядок\n" + "probestr:рядок\n" + " " + +@@ -18037,10 +18113,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:176 +-#, fuzzy +-#| msgid "probe sdap_deref_send" + msgid "probe sdap_parse_entry" +-msgstr "зонд sdap_deref_send" ++msgstr "зонд sdap_parse_entry" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:179 +@@ -18048,27 +18122,25 @@ msgid "" + "Probes the sdap_parse_entry() function. It is called repeatedly with every " + "received attribute." + msgstr "" ++"Зондує функцію sdap_parse_entry(). 
Викликається повторно для кожного " ++"отриманого атрибута." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> + #: sssd-systemtap.5.xml:184 +-#, fuzzy, no-wrap +-#| msgid "" +-#| "filter:string\n" +-#| " " ++#, no-wrap + msgid "" + "attr:string\n" + "value:string\n" + " " + msgstr "" +-"filter:рядок\n" +-" " ++"attr:рядок\n" ++"value:рядок\n" ++" " + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:190 +-#, fuzzy +-#| msgid "probe dp_req_done" + msgid "probe sdap_parse_entry_done" +-msgstr "зонд dp_req_done" ++msgstr "probe sdap_parse_entry_done" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:193 +@@ -18076,6 +18148,8 @@ msgid "" + "Probes the sdap_parse_entry() function. It is called when parsing of " + "received object is finished." + msgstr "" ++"Зондує функцію sdap_parse_entry(). Викликається після завершення обробки " ++"отриманого об'єкта." + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:201 +@@ -18319,7 +18393,7 @@ msgstr "Перетворення методу на рядок і поверне + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-systemtap.5.xml:410 + msgid "SAMPLE SYSTEMTAP SCRIPTS" +-msgstr "" ++msgstr "ЗРАЗКИ СКРИПТІВ SYSTEMTAP" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-systemtap.5.xml:412 +@@ -18328,78 +18402,67 @@ msgid "" + "script_name>.stp</command>), then perform an identity operation and the " + "script will collect information from probes." + msgstr "" ++"Запустіть скрипт SystemTap (<command>stap /usr/share/sssd/systemtap/<" ++"назва_скрипту>.stp</command>), потім виконайте дію із розпізнавання. " ++"Скрипт збере дані за допомогою зондів." + + #. 
type: Content of: <reference><refentry><refsect1><para> + #: sssd-systemtap.5.xml:418 + msgid "Provided SystemTap scripts are:" +-msgstr "" ++msgstr "Скриптами SystemTap з пакунка є:" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:422 + msgid "dp_request.stp" +-msgstr "" ++msgstr "dp_request.stp" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:425 + msgid "Monitoring of data provider request performance." +-msgstr "" ++msgstr "Спостереження за швидкодією обробки запитів засобом надання даних." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:430 + msgid "id_perf.stp" +-msgstr "" ++msgstr "id_perf.stp" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:433 + msgid "Monitoring of <command>id</command> command performance." +-msgstr "" ++msgstr "Спостереження за швидкодією виконання команди <command>id</command>." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:439 +-#, fuzzy +-#| msgid "ldap_deref (string)" + msgid "ldap_perf.stp" +-msgstr "ldap_deref (рядок)" ++msgstr "ldap_perf.stp" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:442 + msgid "Monitoring of LDAP queries." +-msgstr "" ++msgstr "Спостереження за запитами LDAP." + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-systemtap.5.xml:447 + msgid "nested_group_perf.stp" +-msgstr "" ++msgstr "nested_group_perf.stp" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-systemtap.5.xml:450 + msgid "Performance of nested groups resolving." 
+-msgstr "" ++msgstr "Швидкодія визначення назв для вкладених груп." + + #. type: Content of: <reference><refentry><refnamediv><refname> + #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +-#, fuzzy +-#| msgid "sssd-ldap" + msgid "sssd-ldap-attributes" +-msgstr "sssd-ldap" ++msgstr "sssd-ldap-attributes" + + #. type: Content of: <reference><refentry><refnamediv><refpurpose> + #: sssd-ldap-attributes.5.xml:17 +-#, fuzzy +-#| msgid "SSSD LDAP provider" + msgid "SSSD LDAP Provider: Mapping Attributes" +-msgstr "Модуль надання даних LDAP SSSD" ++msgstr "Засіб надання даних LDAP SSSD: атрибути прив'язування" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-ldap-attributes.5.xml:23 +-#, fuzzy +-#| msgid "" +-#| "This manual page describes the configuration of LDAP domains for " +-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +-#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +-#| "information." + msgid "" + "This manual page describes the mapping attributes of SSSD LDAP provider " + "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +@@ -18407,17 +18470,17 @@ msgid "" + "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " + "for full details about SSSD LDAP provider configuration options." + msgstr "" +-"На цій сторінці довідника описано налаштування доменів LDAP для " +-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +-"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться " +-"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> " +-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +-"citerefentry>." 
++"Цю сторінку підручника присвячено опису атрибутів прив'язування засобу " ++"надання даних LDAP SSSD <citerefentry> <refentrytitle>sssd-ldap</" ++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Повний опис " ++"параметрів налаштовування засобу надання даних LDAP SSSD наведено на " ++"сторінці підручника щодо <citerefentry> <refentrytitle>sssd-ldap</" ++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:38 + msgid "USER ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ КОРИСТУВАЧА" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:42 +@@ -18529,7 +18592,7 @@ msgstr "Атрибут LDAP, що містить назву домашнього + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:129 + msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +-msgstr "" ++msgstr "Типове значення: homeDirectory (LDAP та IPA), unixHomeDirectory (AD)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:135 +@@ -19066,6 +19129,10 @@ msgid "" + "Therefore when using service-based access control, the <quote>systemd-user</" + "quote> service might need to be added to the list of allowed services." + msgstr "" ++"У деяких дистрибутивах (зокрема у Fedora-29+ або RHEL-8) службу PAM " ++"<quote>systemd-user</quote> завжди включено до процедури входу до системи. " ++"Тому при використанні керування доступом на основі даних служб варто " ++"додавати службу <quote>systemd-user</quote> до списку дозволених служб." + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:545 +@@ -19204,7 +19271,7 @@ msgstr "Типове значення: mail" + #. 
type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:644 + msgid "GROUP ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ ГРУПИ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:648 +@@ -19292,10 +19359,8 @@ msgstr "ldap_group_modify_timestamp (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:742 +-#, fuzzy +-#| msgid "ldap_group_name (string)" + msgid "ldap_group_type (string)" +-msgstr "ldap_group_name (рядок)" ++msgstr "ldap_group_type (рядок)" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ldap-attributes.5.xml:745 +@@ -19349,7 +19414,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:782 + msgid "NETGROUP ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ МЕРЕЖЕВОЇ ГРУПИ" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:786 +@@ -19437,7 +19502,7 @@ msgstr "ldap_netgroup_modify_timestamp (рядок)" + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:871 + msgid "HOST ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ ВУЗЛА" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:875 +@@ -19523,10 +19588,8 @@ msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта ву + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "РОЗДІЛИ СЛУЖБ" ++msgstr "АТРИБУТИ СЛУЖБИ" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +@@ -19585,7 +19648,7 @@ msgstr "Типове значення: ipServiceProtocol" + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1026 + msgid "SUDO ATTRIBUTES" +-msgstr "" ++msgstr "АТРИБУТИ SUDO" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:1030 +@@ -19770,10 +19833,8 @@ msgstr "Типове значення: sudoOrder" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:1177 +-#, fuzzy +-#| msgid "AUTOFS OPTIONS" + msgid "AUTOFS ATTRIBUTES" +-msgstr "ПАРАМЕТРИ AUTOFS" ++msgstr "АТРИБУТИ AUTOFS" + + #. type: Content of: <variablelist><varlistentry><term> + #: include/autofs_attributes.xml:3 +@@ -20098,20 +20159,17 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:76 +-#, fuzzy +-#| msgid "dns_resolver_timeout" + msgid "dns_resolver_server_timeout" +-msgstr "dns_resolver_timeout" ++msgstr "dns_resolver_server_timeout" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> + #: include/failover.xml:80 +-#, fuzzy +-#| msgid "How long would SSSD talk to a single DNS server." + msgid "" + "Time in milliseconds that sets how long would SSSD talk to a single DNS " + "server before trying next one." + msgstr "" +-"Наскільки довго SSSD обмінюватиметься інформацією із окремим сервером DNS." ++"Час у мілісекундах, протягом якого SSSD має намагатися обмінятися даними із " ++"окремим сервером DNS, перш ніж перейти до спроб зв'язатися із наступним." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:90 +@@ -20125,6 +20183,10 @@ msgid "" + "(e.g. 
resolution of a hostname or an SRV record) before trying the next " + "hostname or discovery domain." + msgstr "" ++"Час у секундах, який визначає тривалість періоду, протягом якого SSSD " ++"намагатиметься обробити окремий запит DNS (наприклад встановити назву вузла " ++"або запис SRV), перш ніж перейти до наступної назви вузла або наступного " ++"домену пошуку." + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> + #: include/failover.xml:106 +@@ -20158,13 +20220,6 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><para> + #: include/failover.xml:123 +-#, fuzzy +-#| msgid "" +-#| "For LDAP-based providers, the resolve operation is performed as part of " +-#| "an LDAP connection operation. Therefore, also the " +-#| "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value " +-#| "than <quote>dns_resolver_timeout</quote> which in turn should be set to a " +-#| "larger value than <quote>dns_resolver_op_timeout</quote>." + msgid "" + "For LDAP-based providers, the resolve operation is performed as part of an " + "LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></" +@@ -20177,7 +20232,8 @@ msgstr "" + "частина дії зі встановлення з'єднання із LDAP. Тому слід також встановити " + "для часу очікування <quote>ldap_opt_timeout></quote> значення, яке " + "перевищуватиме значення <quote>dns_resolver_timeout</quote>, яке також має " +-"перевищувати значення <quote>dns_resolver_op_timeout</quote>." ++"перевищувати значення <quote>dns_resolver_op_timeout</quote>, яке має " ++"перевищувати значення <quote>dns_resolver_server_timeout</quote>." + + #. 
type: Content of: <refsect1><title> + #: include/ldap_id_mapping.xml:2 +@@ -21438,94 +21494,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier" + #: include/ipa_modified_defaults.xml:118 + msgid "ldap_group_external_member = ipaExternalMember" + msgstr "ldap_group_external_member = ipaExternalMember" +- +-#~ msgid "" +-#~ "The background refresh will process users, groups and netgroups in the " +-#~ "cache." +-#~ msgstr "" +-#~ "Під час фонового оновлення виконуватиметься обробка записів користувачів, " +-#~ "груп та мережевих груп у кеші." +- +-#~ msgid "Default: homeDirectory" +-#~ msgstr "Типове значення: homeDirectory" +- +-#~ msgid "ldap_group_type (integer)" +-#~ msgstr "ldap_group_type (ціле число)" +- +-#~ msgid "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +-#~ msgstr "" +-#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +-#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +-#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the InteractiveLogonRight and " +-#~ "DenyInteractiveLogonRight policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO виконуватиметься на основі параметрів правил " +-#~ "InteractiveLogonRight і DenyInteractiveLogonRight." 
+- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the RemoteInteractiveLogonRight and " +-#~ "DenyRemoteInteractiveLogonRight policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO засновано на параметрах захисту RemoteInteractiveLogonRight " +-#~ "і DenyRemoteInteractiveLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the NetworkLogonRight and " +-#~ "DenyNetworkLogonRight policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO засновано на параметрах захисту NetworkLogonRight і " +-#~ "DenyNetworkLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +-#~ "policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO засновано на параметрах захисту BatchLogonRight і " +-#~ "DenyBatchLogonRight." +- +-#~ msgid "" +-#~ "A comma-separated list of PAM service names for which GPO-based access " +-#~ "control is evaluated based on the ServiceLogonRight and " +-#~ "DenyServiceLogonRight policy settings." +-#~ msgstr "" +-#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом " +-#~ "на основі GPO засновано на параметрах захисту ServiceLogonRight і " +-#~ "DenyServiceLogonRight." +- +-#~ msgid "" +-#~ "The KCM service is configured in the <quote>kcm</quote> section of the " +-#~ "sssd.conf file. Please note that currently, is it not sufficient to " +-#~ "restart the sssd-kcm service, because the sssd configuration is only " +-#~ "parsed and read to an internal configuration database by the sssd " +-#~ "service. 
Therefore you must restart the sssd service if you change " +-#~ "anything in the <quote>kcm</quote> section of sssd.conf. For a detailed " +-#~ "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +-#~ "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +-#~ "manvolnum> </citerefentry> manual page." +-#~ msgstr "" +-#~ "Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</" +-#~ "quote> файла sssd.conf. Будь ласка, зауважте, що у поточній версії для " +-#~ "застосування налаштувань перезапуску служби sssd-kcm недостатньо, " +-#~ "оскільки обробка і читання налаштувань sssd до внутрішньої бази даних " +-#~ "налаштувань виконується лише самою службою sssd. Тому вам слід " +-#~ "перезапустити вашу службу sssd, якщо ви щось змінили у розділі " +-#~ "<quote>kcm</quote> файла sssd.conf. Докладний опис синтаксису файла " +-#~ "налаштувань наведено у розділі <quote>ФОРМАТ ФАЙЛА</quote> сторінки " +-#~ "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +-#~ "<manvolnum>5</manvolnum> </citerefentry>." +diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po +index cca30a82f..3170fb6a2 100644 +--- a/src/man/po/zh_CN.po ++++ b/src/man/po/zh_CN.po +@@ -6,9 +6,9 @@ + # Christopher Meng <cickumqt@gmail.com>, 2012 + msgid "" + msgstr "" +-"Project-Id-Version: sssd-docs 2.1.1\n" ++"Project-Id-Version: sssd-docs 2.2.3\n" + "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +-"POT-Creation-Date: 2019-11-30 22:23+0100\n" ++"POT-Creation-Date: 2020-02-12 23:33+0100\n" + "PO-Revision-Date: 2014-12-15 12:16+0000\n" + "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" + "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" +@@ -301,9 +301,9 @@ msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 + #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 +-#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 +-#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 +-#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 ++#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 ++#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 ++#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 + #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 + msgid "Default: true" + msgstr "" +@@ -323,16 +323,16 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 + #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 +-#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 +-#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 ++#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 ++#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 + #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 + #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 + msgid "Default: false" + msgstr "" + + #. type: Content of: outside any tag (error?) 
+-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 +-#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 ++#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 ++#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 + #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 + #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 + #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 +@@ -361,7 +361,7 @@ msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 +-#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264 ++#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264 + msgid "Default: 10" + msgstr "" + +@@ -659,8 +659,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 +-#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 ++#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 ++#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 + #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 + #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 + #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 +@@ -769,10 +769,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:510 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: sha256" +-msgstr "默认: 3" ++msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:512 +@@ -1742,7 +1740,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79 ++#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79 + msgid "Default: 0" + msgstr "" + +@@ -1806,7 +1804,7 @@ msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 + #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 +-#: sssd-ldap.5.xml:1039 ++#: sssd-ldap.5.xml:1074 + msgid "Default: none" + msgstr "" + +@@ -1871,8 +1869,8 @@ msgid "" + msgstr "" + + #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +-#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 +-#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 ++#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 ++#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 + #: include/ldap_id_mapping.xml:244 + msgid "Default: False" + msgstr "" +@@ -5041,34 +5039,53 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489 ++#: sssd-ldap.5.xml:513 ++msgid "" ++"This timeout can be extended of a random value specified by " ++"<emphasis>ldap_connection_expire_offset</emphasis>" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524 + msgid "Default: 900 (15 minutes)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:519 ++#: sssd-ldap.5.xml:524 ++msgid "ldap_connection_expire_offset (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:527 ++msgid "" ++"Random offset between 0 and configured value is added to " ++"<emphasis>ldap_connection_expire_timeout</emphasis>." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:538 + msgid "ldap_page_size (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:522 ++#: sssd-ldap.5.xml:541 + msgid "" + "Specify the number of records to retrieve from LDAP in a single request. " + "Some LDAP servers enforce a maximum limit per-request." + msgstr "" + + #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:527 include/failover.xml:84 ++#: sssd-ldap.5.xml:546 include/failover.xml:84 + msgid "Default: 1000" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:533 ++#: sssd-ldap.5.xml:552 + msgid "ldap_disable_paging (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:536 ++#: sssd-ldap.5.xml:555 + msgid "" + "Disable the LDAP paging control. This option should be used if the LDAP " + "server reports that it supports the LDAP paging control in its RootDSE but " +@@ -5076,14 +5093,14 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:542 ++#: sssd-ldap.5.xml:561 + msgid "" + "Example: OpenLDAP servers with the paging control module installed on the " + "server but not enabled will report it in the RootDSE but be unable to use it." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:548 ++#: sssd-ldap.5.xml:567 + msgid "" + "Example: 389 DS has a bug where it can only support a one paging control at " + "a time on a single connection. On busy clients, this can result in some " +@@ -5091,17 +5108,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:560 ++#: sssd-ldap.5.xml:579 + msgid "ldap_disable_range_retrieval (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:563 ++#: sssd-ldap.5.xml:582 + msgid "Disable Active Directory range retrieval." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:566 ++#: sssd-ldap.5.xml:585 + msgid "" + "Active Directory limits the number of members to be retrieved in a single " + "lookup using the MaxValRange policy (which defaults to 1500 members). If a " +@@ -5111,12 +5128,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:581 ++#: sssd-ldap.5.xml:600 + msgid "ldap_sasl_minssf (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:584 ++#: sssd-ldap.5.xml:603 + msgid "" + "When communicating with an LDAP server using SASL, specify the minimum " + "security level necessary to establish the connection. The values of this " +@@ -5124,17 +5141,30 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:590 ++#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625 + msgid "Default: Use the system default (usually specified by ldap.conf)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:597 ++#: sssd-ldap.5.xml:616 ++msgid "ldap_sasl_maxssf (integer)" ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ldap.5.xml:619 ++msgid "" ++"When communicating with an LDAP server using SASL, specify the maximal " ++"security level necessary to establish the connection. The values of this " ++"option are defined by OpenLDAP." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ldap.5.xml:632 + msgid "ldap_deref_threshold (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:600 ++#: sssd-ldap.5.xml:635 + msgid "" + "Specify the number of group members that must be missing from the internal " + "cache in order to trigger a dereference lookup. If less members are missing, " +@@ -5142,7 +5172,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:606 ++#: sssd-ldap.5.xml:641 + msgid "" + "You can turn off dereference lookups completely by setting the value to 0. 
" + "Please note that there are some codepaths in SSSD, like the IPA HBAC " +@@ -5153,7 +5183,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:617 ++#: sssd-ldap.5.xml:652 + msgid "" + "A dereference lookup is a means of fetching all group members in a single " + "LDAP call. Different LDAP servers may implement different dereference " +@@ -5162,7 +5192,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:625 ++#: sssd-ldap.5.xml:660 + msgid "" + "<emphasis>Note:</emphasis> If any of the search bases specifies a search " + "filter, then the dereference lookup performance enhancement will be disabled " +@@ -5170,26 +5200,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:638 ++#: sssd-ldap.5.xml:673 + msgid "ldap_tls_reqcert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:641 ++#: sssd-ldap.5.xml:676 + msgid "" + "Specifies what checks to perform on server certificates in a TLS session, if " + "any. It can be specified as one of the following values:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:647 ++#: sssd-ldap.5.xml:682 + msgid "" + "<emphasis>never</emphasis> = The client will not request or check any server " + "certificate." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:651 ++#: sssd-ldap.5.xml:686 + msgid "" + "<emphasis>allow</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. 
If a bad certificate " +@@ -5197,7 +5227,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:658 ++#: sssd-ldap.5.xml:693 + msgid "" + "<emphasis>try</emphasis> = The server certificate is requested. If no " + "certificate is provided, the session proceeds normally. If a bad certificate " +@@ -5205,7 +5235,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:664 ++#: sssd-ldap.5.xml:699 + msgid "" + "<emphasis>demand</emphasis> = The server certificate is requested. If no " + "certificate is provided, or a bad certificate is provided, the session is " +@@ -5213,41 +5243,41 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:670 ++#: sssd-ldap.5.xml:705 + msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:674 ++#: sssd-ldap.5.xml:709 + msgid "Default: hard" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:680 ++#: sssd-ldap.5.xml:715 + msgid "ldap_tls_cacert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:683 ++#: sssd-ldap.5.xml:718 + msgid "" + "Specifies the file that contains certificates for all of the Certificate " + "Authorities that <command>sssd</command> will recognize." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747 ++#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782 + msgid "" + "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." + "conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:695 ++#: sssd-ldap.5.xml:730 + msgid "ldap_tls_cacertdir (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:698 ++#: sssd-ldap.5.xml:733 + msgid "" + "Specifies the path of a directory that contains Certificate Authority " + "certificates in separate individual files. Typically the file names need to " +@@ -5256,32 +5286,32 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:713 ++#: sssd-ldap.5.xml:748 + msgid "ldap_tls_cert (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:716 ++#: sssd-ldap.5.xml:751 + msgid "Specifies the file that contains the certificate for the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:726 ++#: sssd-ldap.5.xml:761 + msgid "ldap_tls_key (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:729 ++#: sssd-ldap.5.xml:764 + msgid "Specifies the file that contains the client's key." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:738 ++#: sssd-ldap.5.xml:773 + msgid "ldap_tls_cipher_suite (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:741 ++#: sssd-ldap.5.xml:776 + msgid "" + "Specifies acceptable cipher suites. Typically this is a colon separated " + "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +@@ -5289,24 +5319,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:754 ++#: sssd-ldap.5.xml:789 + msgid "ldap_id_use_start_tls (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:757 ++#: sssd-ldap.5.xml:792 + msgid "" + "Specifies that the id_provider connection must also use <systemitem class=" + "\"protocol\">tls</systemitem> to protect the channel." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:767 ++#: sssd-ldap.5.xml:802 + msgid "ldap_id_mapping (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:770 ++#: sssd-ldap.5.xml:805 + msgid "" + "Specifies that SSSD should attempt to map user and group IDs from the " + "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +@@ -5314,17 +5344,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:776 ++#: sssd-ldap.5.xml:811 + msgid "Currently this feature supports only ActiveDirectory objectSID mapping." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:786 ++#: sssd-ldap.5.xml:821 + msgid "ldap_min_id, ldap_max_id (integer)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:789 ++#: sssd-ldap.5.xml:824 + msgid "" + "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " + "set to true the allowed ID range for ldap_user_uid_number and " +@@ -5335,24 +5365,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:801 ++#: sssd-ldap.5.xml:836 + msgid "Default: not set (both options are set to 0)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:807 ++#: sssd-ldap.5.xml:842 + msgid "ldap_sasl_mech (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:810 ++#: sssd-ldap.5.xml:845 + msgid "" + "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " + "tested and supported." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:814 ++#: sssd-ldap.5.xml:849 + msgid "" + "If the backend supports sub-domains the value of ldap_sasl_mech is " + "automatically inherited to the sub-domains. If a different value is needed " +@@ -5363,12 +5393,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:830 ++#: sssd-ldap.5.xml:865 + msgid "ldap_sasl_authid (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +-#: sssd-ldap.5.xml:842 ++#: sssd-ldap.5.xml:877 + #, no-wrap + msgid "" + "hostname@REALM\n" +@@ -5381,7 +5411,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:833 ++#: sssd-ldap.5.xml:868 + msgid "" + "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " + "this represents the Kerberos principal used for authentication to the " +@@ -5393,17 +5423,17 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:853 ++#: sssd-ldap.5.xml:888 + msgid "Default: host/hostname@REALM" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:859 ++#: sssd-ldap.5.xml:894 + msgid "ldap_sasl_realm (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:862 ++#: sssd-ldap.5.xml:897 + msgid "" + "Specify the SASL realm to use. When not specified, this option defaults to " + "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +@@ -5411,49 +5441,49 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:868 ++#: sssd-ldap.5.xml:903 + msgid "Default: the value of krb5_realm." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:874 ++#: sssd-ldap.5.xml:909 + msgid "ldap_sasl_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:877 ++#: sssd-ldap.5.xml:912 + msgid "" + "If set to true, the LDAP library would perform a reverse lookup to " + "canonicalize the host name during a SASL bind." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:882 ++#: sssd-ldap.5.xml:917 + msgid "Default: false;" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:888 ++#: sssd-ldap.5.xml:923 + msgid "ldap_krb5_keytab (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:891 ++#: sssd-ldap.5.xml:926 + msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:895 ++#: sssd-ldap.5.xml:930 + msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:901 ++#: sssd-ldap.5.xml:936 + msgid "ldap_krb5_init_creds (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:904 ++#: sssd-ldap.5.xml:939 + msgid "" + "Specifies that the id_provider should init Kerberos credentials (TGT). This " + "action is performed only if SASL is used and the mechanism selected is " +@@ -5461,28 +5491,28 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:916 ++#: sssd-ldap.5.xml:951 + msgid "ldap_krb5_ticket_lifetime (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:919 ++#: sssd-ldap.5.xml:954 + msgid "" + "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090 ++#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110 + msgid "Default: 86400 (24 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74 ++#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74 + msgid "krb5_server, krb5_backup_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:932 ++#: sssd-ldap.5.xml:967 + msgid "" + "Specifies the comma-separated list of IP addresses or hostnames of the " + "Kerberos servers to which SSSD should connect in the order of preference. " +@@ -5494,7 +5524,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89 ++#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89 + msgid "" + "When using service discovery for KDC or kpasswd servers, SSSD first searches " + "for DNS entries that specify _udp as the protocol and falls back to _tcp if " +@@ -5502,7 +5532,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94 ++#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94 + msgid "" + "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " + "While the legacy name is recognized for the time being, users are advised to " +@@ -5510,39 +5540,39 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 ++#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103 + msgid "krb5_realm (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:961 ++#: sssd-ldap.5.xml:996 + msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:965 ++#: sssd-ldap.5.xml:1000 + msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462 ++#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462 + msgid "krb5_canonicalize (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:974 ++#: sssd-ldap.5.xml:1009 + msgid "" + "Specifies if the host principal should be canonicalized when connecting to " + "LDAP server. This feature is available with MIT Kerberos >= 1.7" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477 ++#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477 + msgid "krb5_use_kdcinfo (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480 ++#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480 + msgid "" + "Specifies if the SSSD should instruct the Kerberos libraries what realm and " + "which KDCs to use. This option is on by default, if you disable it, you need " +@@ -5552,7 +5582,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491 ++#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491 + msgid "" + "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" + "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +@@ -5560,26 +5590,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1014 ++#: sssd-ldap.5.xml:1049 + msgid "ldap_pwd_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1017 ++#: sssd-ldap.5.xml:1052 + msgid "" + "Select the policy to evaluate the password expiration on the client side. " + "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1022 ++#: sssd-ldap.5.xml:1057 + msgid "" + "<emphasis>none</emphasis> - No evaluation on the client side. This option " + "cannot disable server-side password policies." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1027 ++#: sssd-ldap.5.xml:1062 + msgid "" + "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" + "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +@@ -5587,7 +5617,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1033 ++#: sssd-ldap.5.xml:1068 + msgid "" + "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " + "to determine if the password has expired. Use chpass_provider=krb5 to update " +@@ -5595,31 +5625,31 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1042 ++#: sssd-ldap.5.xml:1077 + msgid "" + "<emphasis>Note</emphasis>: if a password policy is configured on server " + "side, it always takes precedence over policy set with this option." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1050 ++#: sssd-ldap.5.xml:1085 + msgid "ldap_referrals (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1053 ++#: sssd-ldap.5.xml:1088 + msgid "Specifies whether automatic referral chasing should be enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1057 ++#: sssd-ldap.5.xml:1092 + msgid "" + "Please note that sssd only supports referral chasing when it is compiled " + "with OpenLDAP version 2.4.13 or higher." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1062 ++#: sssd-ldap.5.xml:1097 + msgid "" + "Chasing referrals may incur a performance penalty in environments that use " + "them heavily, a notable example is Microsoft Active Directory. If your setup " +@@ -5628,56 +5658,56 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1076 ++#: sssd-ldap.5.xml:1111 + msgid "ldap_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1079 ++#: sssd-ldap.5.xml:1114 + msgid "Specifies the service name to use when service discovery is enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1083 ++#: sssd-ldap.5.xml:1118 + msgid "Default: ldap" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1089 ++#: sssd-ldap.5.xml:1124 + msgid "ldap_chpass_dns_service_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1092 ++#: sssd-ldap.5.xml:1127 + msgid "" + "Specifies the service name to use to find an LDAP server which allows " + "password changes when service discovery is enabled." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1097 ++#: sssd-ldap.5.xml:1132 + msgid "Default: not set, i.e. service discovery is disabled" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1103 ++#: sssd-ldap.5.xml:1138 + msgid "ldap_chpass_update_last_change (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1106 ++#: sssd-ldap.5.xml:1141 + msgid "" + "Specifies whether to update the ldap_user_shadow_last_change attribute with " + "days since the Epoch after a password change operation." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1118 ++#: sssd-ldap.5.xml:1153 + msgid "ldap_access_filter (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1121 ++#: sssd-ldap.5.xml:1156 + msgid "" + "If using access_provider = ldap and ldap_access_order = filter (default), " + "this option is mandatory. 
It specifies an LDAP search filter criteria that " +@@ -5693,12 +5723,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1141 ++#: sssd-ldap.5.xml:1176 + msgid "Example:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +-#: sssd-ldap.5.xml:1144 ++#: sssd-ldap.5.xml:1179 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -5707,14 +5737,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1148 ++#: sssd-ldap.5.xml:1183 + msgid "" + "This example means that access to this host is restricted to users whose " + "employeeType attribute is set to \"admin\"." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1153 ++#: sssd-ldap.5.xml:1188 + msgid "" + "Offline caching for this feature is limited to determining whether the " + "user's last online login was granted access permission. If they were granted " +@@ -5723,24 +5753,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218 ++#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253 + msgid "Default: Empty" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1167 ++#: sssd-ldap.5.xml:1202 + msgid "ldap_account_expire_policy (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1170 ++#: sssd-ldap.5.xml:1205 + msgid "" + "With this option a client side evaluation of access control attributes can " + "be enabled." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1174 ++#: sssd-ldap.5.xml:1209 + msgid "" + "Please note that it is always recommended to use server side access control, " + "i.e. the LDAP server should deny the bind request with a suitable error code " +@@ -5748,19 +5778,19 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1181 ++#: sssd-ldap.5.xml:1216 + msgid "The following values are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1184 ++#: sssd-ldap.5.xml:1219 + msgid "" + "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " + "determine if the account is expired." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1189 ++#: sssd-ldap.5.xml:1224 + msgid "" + "<emphasis>ad</emphasis>: use the value of the 32bit field " + "ldap_user_ad_user_account_control and allow access if the second bit is not " +@@ -5769,7 +5799,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1196 ++#: sssd-ldap.5.xml:1231 + msgid "" + "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" + "emphasis>: use the value of ldap_ns_account_lock to check if access is " +@@ -5777,7 +5807,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1202 ++#: sssd-ldap.5.xml:1237 + msgid "" + "<emphasis>nds</emphasis>: the values of " + "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +@@ -5786,7 +5816,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1211 ++#: sssd-ldap.5.xml:1246 + msgid "" + "Please note that the ldap_access_order configuration option <emphasis>must</" + "emphasis> include <quote>expire</quote> in order for the " +@@ -5794,22 +5824,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1224 ++#: sssd-ldap.5.xml:1259 + msgid "ldap_access_order (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1227 ++#: sssd-ldap.5.xml:1262 + msgid "Comma separated list of access control options. Allowed values are:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1231 ++#: sssd-ldap.5.xml:1266 + msgid "<emphasis>filter</emphasis>: use ldap_access_filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1234 ++#: sssd-ldap.5.xml:1269 + msgid "" + "<emphasis>lockout</emphasis>: use account locking. If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5819,14 +5849,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1244 ++#: sssd-ldap.5.xml:1279 + msgid "" + "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" + "quote> option and might be removed in a future release. </emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1251 ++#: sssd-ldap.5.xml:1286 + msgid "" + "<emphasis>ppolicy</emphasis>: use account locking. 
If set, this option " + "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +@@ -5839,12 +5869,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1268 ++#: sssd-ldap.5.xml:1303 + msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1272 ++#: sssd-ldap.5.xml:1307 + msgid "" + "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " + "pwd_expire_policy_renew: </emphasis> These options are useful if users are " +@@ -5854,7 +5884,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1282 ++#: sssd-ldap.5.xml:1317 + msgid "" + "The difference between these options is the action taken if user password is " + "expired: pwd_expire_policy_reject - user is denied to log in, " +@@ -5864,63 +5894,63 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1290 ++#: sssd-ldap.5.xml:1325 + msgid "" + "Note If user password is expired no explicit message is prompted by SSSD." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1294 ++#: sssd-ldap.5.xml:1329 + msgid "" + "Please note that 'access_provider = ldap' must be set for this feature to " + "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1299 ++#: sssd-ldap.5.xml:1334 + msgid "" + "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " + "to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1304 ++#: sssd-ldap.5.xml:1339 + msgid "<emphasis>host</emphasis>: use the host attribute to determine access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1308 ++#: sssd-ldap.5.xml:1343 + msgid "" + "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " + "remote host can access" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1312 ++#: sssd-ldap.5.xml:1347 + msgid "" + "Please note, rhost field in pam is set by application, it is better to check " + "what the application sends to pam, before enabling this access control option" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1317 ++#: sssd-ldap.5.xml:1352 + msgid "Default: filter" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1320 ++#: sssd-ldap.5.xml:1355 + msgid "" + "Please note that it is a configuration error if a value is used more than " + "once." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1327 ++#: sssd-ldap.5.xml:1362 + msgid "ldap_pwdlockout_dn (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1330 ++#: sssd-ldap.5.xml:1365 + msgid "" + "This option specifies the DN of password policy entry on LDAP server. Please " + "note that absence of this option in sssd.conf in case of enabled account " +@@ -5929,74 +5959,74 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1338 ++#: sssd-ldap.5.xml:1373 + msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1341 ++#: sssd-ldap.5.xml:1376 + msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1347 ++#: sssd-ldap.5.xml:1382 + msgid "ldap_deref (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1350 ++#: sssd-ldap.5.xml:1385 + msgid "" + "Specifies how alias dereferencing is done when performing a search. The " + "following options are allowed:" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1355 ++#: sssd-ldap.5.xml:1390 + msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1359 ++#: sssd-ldap.5.xml:1394 + msgid "" + "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " + "the base object, but not in locating the base object of the search." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1364 ++#: sssd-ldap.5.xml:1399 + msgid "" + "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " + "the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1369 ++#: sssd-ldap.5.xml:1404 + msgid "" + "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " + "in locating the base object of the search." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1374 ++#: sssd-ldap.5.xml:1409 + msgid "" + "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " + "client libraries)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1382 ++#: sssd-ldap.5.xml:1417 + msgid "ldap_rfc2307_fallback_to_local_users (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1385 ++#: sssd-ldap.5.xml:1420 + msgid "" + "Allows to retain local users as members of an LDAP group for servers that " + "use the RFC2307 schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1389 ++#: sssd-ldap.5.xml:1424 + msgid "" + "In some environments where the RFC2307 schema is used, local users are made " + "members of LDAP groups by adding their names to the memberUid attribute. " +@@ -6007,7 +6037,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1400 ++#: sssd-ldap.5.xml:1435 + msgid "" + "This option falls back to checking if local users are referenced, and caches " + "them so that later initgroups() calls will augment the local users with the " +@@ -6015,24 +6045,24 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136 ++#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136 + msgid "wildcard_limit (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1415 ++#: sssd-ldap.5.xml:1450 + msgid "" + "Specifies an upper limit on the number of entries that are downloaded during " + "a wildcard lookup." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1419 ++#: sssd-ldap.5.xml:1454 + msgid "At the moment, only the InfoPipe responder supports wildcard lookups." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1423 ++#: sssd-ldap.5.xml:1458 + msgid "Default: 1000 (often the size of one page)" + msgstr "" + +@@ -6049,12 +6079,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1433 ++#: sssd-ldap.5.xml:1468 + msgid "SUDO OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1435 ++#: sssd-ldap.5.xml:1470 + msgid "" + "The detailed instructions for configuration of sudo_provider are in the " + "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +@@ -6062,36 +6092,36 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1446 ++#: sssd-ldap.5.xml:1481 + msgid "ldap_sudo_full_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1449 ++#: sssd-ldap.5.xml:1484 + msgid "" + "How many seconds SSSD will wait between executing a full refresh of sudo " + "rules (which downloads all rules that are stored on the server)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1454 ++#: sssd-ldap.5.xml:1489 + msgid "" + "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" + "emphasis>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1459 ++#: sssd-ldap.5.xml:1494 + msgid "Default: 21600 (6 hours)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1465 ++#: sssd-ldap.5.xml:1500 + msgid "ldap_sudo_smart_refresh_interval (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1468 ++#: sssd-ldap.5.xml:1503 + msgid "" + "How many seconds SSSD has to wait before executing a smart refresh of sudo " + "rules (which downloads all rules that have USN higher than the highest " +@@ -6099,14 +6129,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1474 ++#: sssd-ldap.5.xml:1509 + msgid "" + "If USN attributes are not supported by the server, the modifyTimestamp " + "attribute is used instead." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1478 ++#: sssd-ldap.5.xml:1513 + msgid "" + "<emphasis>Note:</emphasis> the highest USN value can be updated by three " + "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +@@ -6116,101 +6146,101 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1495 ++#: sssd-ldap.5.xml:1530 + msgid "ldap_sudo_use_host_filter (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1498 ++#: sssd-ldap.5.xml:1533 + msgid "" + "If true, SSSD will download only rules that are applicable to this machine " + "(using the IPv4 or IPv6 host/network addresses and hostnames)." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1509 ++#: sssd-ldap.5.xml:1544 + msgid "ldap_sudo_hostnames (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1512 ++#: sssd-ldap.5.xml:1547 + msgid "" + "Space separated list of hostnames or fully qualified domain names that " + "should be used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1517 ++#: sssd-ldap.5.xml:1552 + msgid "" + "If this option is empty, SSSD will try to discover the hostname and the " + "fully qualified domain name automatically." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 +-#: sssd-ldap.5.xml:1581 ++#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 ++#: sssd-ldap.5.xml:1616 + msgid "" + "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" + "emphasis> then this option has no effect." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550 ++#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585 + msgid "Default: not specified" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1533 ++#: sssd-ldap.5.xml:1568 + msgid "ldap_sudo_ip (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1536 ++#: sssd-ldap.5.xml:1571 + msgid "" + "Space separated list of IPv4 or IPv6 host/network addresses that should be " + "used to filter the rules." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1541 ++#: sssd-ldap.5.xml:1576 + msgid "" + "If this option is empty, SSSD will try to discover the addresses " + "automatically." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1556 ++#: sssd-ldap.5.xml:1591 + msgid "ldap_sudo_include_netgroups (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1559 ++#: sssd-ldap.5.xml:1594 + msgid "" + "If true then SSSD will download every rule that contains a netgroup in " + "sudoHost attribute." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1574 ++#: sssd-ldap.5.xml:1609 + msgid "ldap_sudo_include_regexp (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1577 ++#: sssd-ldap.5.xml:1612 + msgid "" + "If true then SSSD will download every rule that contains a wildcard in " + "sudoHost attribute." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +-#: sssd-ldap.5.xml:1587 ++#: sssd-ldap.5.xml:1622 + msgid "" + "Using wildcard is an operation that is very costly to evaluate on the LDAP " + "server side!" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1599 ++#: sssd-ldap.5.xml:1634 + msgid "" + "This manual page only describes attribute name mapping. For detailed " + "explanation of sudo related attribute semantics, see <citerefentry> " +@@ -6219,59 +6249,59 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1609 ++#: sssd-ldap.5.xml:1644 + msgid "AUTOFS OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1611 ++#: sssd-ldap.5.xml:1646 + msgid "" + "Some of the defaults for the parameters below are dependent on the LDAP " + "schema." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1617 ++#: sssd-ldap.5.xml:1652 + msgid "ldap_autofs_map_master_name (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1620 ++#: sssd-ldap.5.xml:1655 + msgid "The name of the automount master map in LDAP." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ldap.5.xml:1623 ++#: sssd-ldap.5.xml:1658 + msgid "Default: auto.master" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1634 ++#: sssd-ldap.5.xml:1669 + msgid "ADVANCED OPTIONS" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1641 ++#: sssd-ldap.5.xml:1676 + msgid "ldap_netgroup_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1646 ++#: sssd-ldap.5.xml:1681 + msgid "ldap_user_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1651 ++#: sssd-ldap.5.xml:1686 + msgid "ldap_group_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +-#: sssd-ldap.5.xml:1656 ++#: sssd-ldap.5.xml:1691 + msgid "<note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +-#: sssd-ldap.5.xml:1658 ++#: sssd-ldap.5.xml:1693 + msgid "" + "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " + "against Active Directory will not be restricted and return all groups " +@@ -6280,22 +6310,22 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist> +-#: sssd-ldap.5.xml:1665 ++#: sssd-ldap.5.xml:1700 + msgid "</note>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1667 ++#: sssd-ldap.5.xml:1702 + msgid "ldap_sudo_search_base (string)" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ldap.5.xml:1672 ++#: sssd-ldap.5.xml:1707 + msgid "ldap_autofs_search_base (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1636 ++#: sssd-ldap.5.xml:1671 + msgid "" + "These options are supported by LDAP domains, but they should be used with " + "caution. Please include them in your configuration only if you know what you " +@@ -6304,14 +6334,14 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 +-#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 ++#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 ++#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 + #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144 + msgid "EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1689 ++#: sssd-ldap.5.xml:1724 + msgid "" + "The following example assumes that SSSD is correctly configured and LDAP is " + "set to one of the domains in the <replaceable>[domains]</replaceable> " +@@ -6319,7 +6349,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1695 ++#: sssd-ldap.5.xml:1730 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6332,27 +6362,27 @@ msgid "" + msgstr "" + + #. 
type: Content of: <refsect1><refsect2><para> +-#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 +-#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 ++#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 ++#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 + #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 + #: include/ldap_id_mapping.xml:105 + msgid "<placeholder type=\"programlisting\" id=\"0\"/>" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1706 ++#: sssd-ldap.5.xml:1741 + msgid "LDAP ACCESS FILTER EXAMPLE" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1708 ++#: sssd-ldap.5.xml:1743 + msgid "" + "The following example assumes that SSSD is correctly configured and to use " + "the ldap_access_order=lockout." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ldap.5.xml:1713 ++#: sssd-ldap.5.xml:1748 + #, no-wrap + msgid "" + "[domain/LDAP]\n" +@@ -6368,13 +6398,13 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> +-#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +-#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163 ++#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 ++#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163 + msgid "NOTES" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ldap.5.xml:1730 ++#: sssd-ldap.5.xml:1765 + msgid "" + "The descriptions of some of the configuration options in this manual page " + "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +@@ -7904,7 +7934,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019 ++#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039 + msgid "dyndns_update (boolean)" + msgstr "" + +@@ -7919,7 +7949,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033 ++#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053 + msgid "" + "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " + "the default Kerberos realm must be set properly in /etc/krb5.conf" +@@ -7934,12 +7964,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044 ++#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064 + msgid "dyndns_ttl (integer)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047 ++#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067 + msgid "" + "The TTL to apply to the client DNS record when updating it. If " + "dyndns_update is false this has no effect. This will override the TTL " +@@ -7960,12 +7990,12 @@ msgid "Default: 1200 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058 ++#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078 + msgid "dyndns_iface (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061 ++#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081 + msgid "" + "Optional. Applicable only when dyndns_update is true. Choose the interface " + "or a list of interfaces whose IP addresses should be used for dynamic DNS " +@@ -7989,17 +8019,17 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072 ++#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092 + msgid "Example: dyndns_iface = em1, vnet1, vnet2" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123 ++#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143 + msgid "dyndns_auth (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126 ++#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146 + msgid "" + "Whether the nsupdate utility should use GSS-TSIG authentication for secure " + "updates with the DNS server, insecure updates can be sent by setting this " +@@ -8007,7 +8037,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132 ++#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152 + msgid "Default: GSS-TSIG" + msgstr "" + +@@ -8034,7 +8064,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078 ++#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098 + msgid "dyndns_refresh_interval (integer)" + msgstr "" + +@@ -8047,12 +8077,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096 ++#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116 + msgid "dyndns_update_ptr (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099 ++#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119 + msgid "" + "Whether the PTR record should also be explicitly updated when updating the " + "client's DNS records. 
Applicable only when dyndns_update is true." +@@ -8071,60 +8101,60 @@ msgid "Default: False (disabled)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110 ++#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130 + msgid "dyndns_force_tcp (bool)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113 ++#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133 + msgid "" + "Whether the nsupdate utility should default to using TCP for communicating " + "with the DNS server." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117 ++#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137 + msgid "Default: False (let nsupdate choose the protocol)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138 ++#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158 + msgid "dyndns_server (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141 ++#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161 + msgid "" + "The DNS server to use when performing a DNS update. In most setups, it's " + "recommended to leave this option unset." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146 ++#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166 + msgid "" + "Setting this option makes sense for environments where the DNS server is " + "different from the identity server." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151 ++#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171 + msgid "" + "Please note that this option will be only used in fallback attempt when " + "previous attempt using autodetected settings failed." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156 ++#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176 + msgid "Default: None (let nsupdate choose the server)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162 ++#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182 + msgid "dyndns_update_per_family (boolean)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165 ++#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185 + msgid "" + "DNS update is by default performed in two steps - IPv4 update and then IPv6 " + "update. In some cases it might be desirable to perform IPv4 and IPv6 update " +@@ -8238,26 +8268,26 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +-#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180 ++#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200 + msgid "krb5_confd_path (string)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183 ++#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203 + msgid "" + "Absolute path of a directory where SSSD should place Kerberos configuration " + "snippets." + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187 ++#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207 + msgid "" + "To disable the creation of the configuration snippets set the parameter to " + "'none'." + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191 ++#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211 + msgid "" + "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" + msgstr "" +@@ -9697,9 +9727,25 @@ msgstr "" + msgid "Default: 86400:750 (24h and 15m)" + msgstr "" + ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> ++#: sssd-ad.5.xml:1019 ++msgid "ad_use_ldaps (bool)" ++msgstr "" ++ + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> + #: sssd-ad.5.xml:1022 + msgid "" ++"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " ++"3628. If this option is set to True SSSD will use the LDAPS port 636 and " ++"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " ++"have multiple encryption layers on a single connection and we still want to " ++"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " ++"property maxssf is set to 0 (zero) for those connections." ++msgstr "" ++ ++#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> ++#: sssd-ad.5.xml:1042 ++msgid "" + "Optional. This option tells SSSD to automatically update the Active " + "Directory DNS server with the IP address of this client. The update is " + "secured using GSS-TSIG. As a consequence, the Active Directory administrator " +@@ -9709,19 +9755,19 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1052 ++#: sssd-ad.5.xml:1072 + msgid "Default: 3600 (seconds)" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1068 ++#: sssd-ad.5.xml:1088 + msgid "" + "Default: Use the IP addresses of the interface which is used for AD LDAP " + "connection" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1081 ++#: sssd-ad.5.xml:1101 + msgid "" + "How often should the back end perform periodic DNS update in addition to the " + "automatic update performed when the back end goes online. This option is " +@@ -9731,12 +9777,12 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +-#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76 ++#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76 + msgid "Default: True" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1211 ++#: sssd-ad.5.xml:1231 + msgid "" + "The following example assumes that SSSD is correctly configured and example." + "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +@@ -9744,7 +9790,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1218 ++#: sssd-ad.5.xml:1238 + #, no-wrap + msgid "" + "[domain/EXAMPLE]\n" +@@ -9759,7 +9805,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><programlisting> +-#: sssd-ad.5.xml:1238 ++#: sssd-ad.5.xml:1258 + #, no-wrap + msgid "" + "access_provider = ldap\n" +@@ -9768,7 +9814,7 @@ msgid "" + msgstr "" + + #. 
type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1234 ++#: sssd-ad.5.xml:1254 + msgid "" + "The AD access control provider checks if the account is expired. It has the " + "same effect as the following configuration of the LDAP provider: " +@@ -9776,7 +9822,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1244 ++#: sssd-ad.5.xml:1264 + msgid "" + "However, unless the <quote>ad</quote> access control provider is explicitly " + "configured, the default access provider is <quote>permit</quote>. Please " +@@ -9786,7 +9832,7 @@ msgid "" + msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> +-#: sssd-ad.5.xml:1252 ++#: sssd-ad.5.xml:1272 + msgid "" + "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " + "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +@@ -13905,10 +13951,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:225 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 64" +-msgstr "默认: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> + #: sssd-kcm.8.xml:230 +@@ -13924,10 +13968,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> + #: sssd-kcm.8.xml:237 +-#, fuzzy +-#| msgid "Default: 3" + msgid "Default: 65536" +-msgstr "默认: 3" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para> + #: sssd-kcm.8.xml:247 +@@ -15430,10 +15472,8 @@ msgstr "" + + #. type: Content of: <reference><refentry><refsect1><title> + #: sssd-ldap-attributes.5.xml:968 +-#, fuzzy +-#| msgid "SERVICES SECTIONS" + msgid "SERVICE ATTRIBUTES" +-msgstr "服务部分" ++msgstr "" + + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> + #: sssd-ldap-attributes.5.xml:972 +-- +2.20.1 + 
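Review bot: The new ad_use_ldaps description (msgid at sssd-ad.5.xml:1022) gives the Global Catalog ports as 3628 and 3629, but Active Directory serves the Global Catalog on 3268 (LDAP) and 3269 (LDAPS). The digits look transposed and should be corrected in the source string in sssd-ad.5.xml before translators pick it up. The same paragraph says the SASL maxssf property is set to 0 for these connections. It would help to add one sentence saying that confidentiality and integrity then rest on the TLS layer alone, so the TLS certificate checking settings matter for anyone enabling this option.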
diff --git a/SOURCES/0017-MAN-Get-rid-of-sssd-secrets-reference.patch b/SOURCES/0017-MAN-Get-rid-of-sssd-secrets-reference.patch deleted file mode 100644 index ca0e6d0..0000000 --- a/SOURCES/0017-MAN-Get-rid-of-sssd-secrets-reference.patch +++ /dev/null @@ -1,41 +0,0 @@ -From ca02a20c16a1249a8fcecad31e915bf64df77cc9 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek <jhrozek@redhat.com> -Date: Fri, 5 Oct 2018 13:17:14 +0200 -Subject: [PATCH 17/23] MAN: Get rid of sssd-secrets reference -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Related: -https://pagure.io/SSSD/sssd/issue/3685 - -There were some stray references to the secrets responder in the -sssd-kcm manual page. - -Reviewed-by: Michal Židek <mzidek@redhat.com> ---- - src/man/sssd-kcm.8.xml | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml -index fff8b0a16..90b9ad09c 100644 ---- a/src/man/sssd-kcm.8.xml -+++ b/src/man/sssd-kcm.8.xml -@@ -58,11 +58,9 @@ - </listitem> - <listitem> - <para> -- the SSSD implementation stores the ccaches in the SSSD -- <citerefentry> -- <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> -- </citerefentry> -- secrets store, allowing the ccaches to survive KCM server restarts or machine reboots. -+ the SSSD implementation stores the ccaches in a database, -+ typically located at <replaceable>/var/lib/sss/secrets</replaceable> -+ allowing the ccaches to survive KCM server restarts or machine reboots. - </para> - </listitem> - </itemizedlist> --- -2.20.1 - diff --git a/SOURCES/0017-sbus_server-stylistic-rename.patch b/SOURCES/0017-sbus_server-stylistic-rename.patch new file mode 100644 index 0000000..40d597d --- /dev/null +++ b/SOURCES/0017-sbus_server-stylistic-rename.patch 
@@ -0,0 +1,43 @@ +From faa5dbf6f716bd4ac0a3020a28a1ee6fbf74654a Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Thu, 23 Jan 2020 17:22:28 +0100 +Subject: [PATCH 17/23] sbus_server: stylistic rename +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Renamed sbus_server_name_remove_from_table() to +sbus_server_name_remove_from_table_cb() to keep naming consistent +with other functions used as `hash_delete_callback` argument of +sss_ptr_hash_create() + +Reviewed-by: Pavel Březina <pbrezina@redhat.com> +--- + src/sbus/server/sbus_server.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/sbus/server/sbus_server.c b/src/sbus/server/sbus_server.c +index 5405dae56..2b9327051 100644 +--- a/src/sbus/server/sbus_server.c ++++ b/src/sbus/server/sbus_server.c +@@ -584,7 +584,7 @@ sbus_server_name_lost(struct sbus_server *server, + } + + static void +-sbus_server_name_remove_from_table(hash_entry_t *item, ++sbus_server_name_remove_from_table_cb(hash_entry_t *item, + hash_destroy_enum type, + void *pvt) + { +@@ -676,7 +676,7 @@ sbus_server_create(TALLOC_CTX *mem_ctx, + } + + sbus_server->names = sss_ptr_hash_create(sbus_server, +- sbus_server_name_remove_from_table, sbus_server); ++ sbus_server_name_remove_from_table_cb, sbus_server); + if (sbus_server->names == NULL) { + ret = ENOMEM; + goto done; +-- +2.20.1 + diff --git a/SOURCES/0018-MAN-Document-that-it-is-enough-to-systemctl-restart-.patch b/SOURCES/0018-MAN-Document-that-it-is-enough-to-systemctl-restart-.patch deleted file mode 100644 index 5520efa..0000000 --- a/SOURCES/0018-MAN-Document-that-it-is-enough-to-systemctl-restart-.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 84eca2e812f8a8684a35b4cd0c262660930e0d40 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek <jhrozek@redhat.com> -Date: Fri, 30 Nov 2018 13:15:58 +0100 -Subject: [PATCH 18/23] MAN: Document that it is enough to systemctl restart - sssd-kcm.service lately -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Related: -https://pagure.io/SSSD/sssd/issue/3862 - -We forgot to amend the man page after implementing the sssd-kcm service -reload. - -Reviewed-by: Michal Židek <mzidek@redhat.com> ---- - src/man/sssd-kcm.8.xml | 17 +++++++++++------ - 1 file changed, 11 insertions(+), 6 deletions(-) - -diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml -index 90b9ad09c..4e4aaa38e 100644 ---- a/src/man/sssd-kcm.8.xml -+++ b/src/man/sssd-kcm.8.xml -@@ -162,12 +162,17 @@ systemctl restart sssd-kcm.service - <title>CONFIGURATION OPTIONS - - The KCM service is configured in the kcm -- section of the sssd.conf file. Please note that currently, -- is it not sufficient to restart the sssd-kcm service, because -- the sssd configuration is only parsed and read to an internal -- configuration database by the sssd service. Therefore you -- must restart the sssd service if you change anything in the -- kcm section of sssd.conf. -+ section of the sssd.conf file. Please note that because -+ the KCM service is typically socket-activated, it is -+ enough to just restart the sssd-kcm service -+ after changing options in the kcm section -+ of sssd.conf: -+ -+systemctl restart sssd-kcm.service -+ -+ -+ -+ The KCM service is configured in the kcm - For a detailed syntax reference, refer to the FILE FORMAT section of the - - sssd.conf --- -2.20.1 - diff --git a/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch b/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch new file mode 100644 index 0000000..25254a6 --- /dev/null 
+++ b/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch 
@@ -0,0 +1,91 @@ +From adc7730a4e1b9721c93863a1b283457e9c02a3c5 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Thu, 23 Jan 2020 17:55:24 +0100 +Subject: [PATCH 18/23] sss_ptr_hash: don't keep empty sss_ptr_hash_delete_data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There is no need to allocate memory for `sss_ptr_hash_delete_data` +if table user doesn't provide custom delete callback. + +Reviewed-by: Pavel Březina +--- + src/util/sss_ptr_hash.c | 36 ++++++++++++++++++++---------------- + 1 file changed, 20 insertions(+), 16 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index 8f9762cb9..f8addec1e 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -138,12 +138,6 @@ sss_ptr_hash_delete_cb(hash_entry_t *item, + struct sss_ptr_hash_value *value; + struct hash_entry_t callback_entry; + +- data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data); +- if (data == NULL) { +- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n"); +- return; +- } +- + value = talloc_get_type(item->value.ptr, struct sss_ptr_hash_value); + if (value == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value!\n"); +@@ -157,8 +151,14 @@ sss_ptr_hash_delete_cb(hash_entry_t *item, + /* Free value, this also will disable spy */ + talloc_free(value); + +- /* Switch to the input value and call custom callback. */ +- if (data->callback != NULL) { ++ if (pvt != NULL) { ++ /* Switch to the input value and call custom callback. 
*/ ++ data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data); ++ if (data == NULL) { ++ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n"); ++ return; ++ } ++ + data->callback(&callback_entry, deltype, data->pvt); + } + } +@@ -167,17 +167,19 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + hash_delete_callback *del_cb, + void *del_cb_pvt) + { +- struct sss_ptr_hash_delete_data *data; ++ struct sss_ptr_hash_delete_data *data = NULL; + hash_table_t *table; + errno_t ret; + +- data = talloc_zero(NULL, struct sss_ptr_hash_delete_data); +- if (data == NULL) { +- return NULL; +- } ++ if (del_cb != NULL) { ++ data = talloc_zero(NULL, struct sss_ptr_hash_delete_data); ++ if (data == NULL) { ++ return NULL; ++ } + +- data->callback = del_cb; +- data->pvt = del_cb_pvt; ++ data->callback = del_cb; ++ data->pvt = del_cb_pvt; ++ } + + ret = sss_hash_create_ex(mem_ctx, 10, &table, 0, 0, 0, 0, + sss_ptr_hash_delete_cb, data); +@@ -188,7 +190,9 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + return NULL; + } + +- talloc_steal(table, data); ++ if (data != NULL) { ++ talloc_steal(table, data); ++ } + + return table; + } +-- +2.20.1 + diff --git a/SOURCES/0019-SECRETS-Use-different-option-names-from-secrets-and-.patch b/SOURCES/0019-SECRETS-Use-different-option-names-from-secrets-and-.patch deleted file mode 100644 index 4afec42..0000000 --- a/SOURCES/0019-SECRETS-Use-different-option-names-from-secrets-and-.patch +++ /dev/null 
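Review bot: In sss_ptr_hash_delete_cb() (0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_data.patch) the `data->callback != NULL` test is dropped, so `data->callback(&callback_entry, deltype, data->pvt)` now runs whenever pvt is non-NULL. That is safe only because sss_ptr_hash_create() in the next hunk allocates data solely under `if (del_cb != NULL)`. Nothing in the callback states or enforces that invariant, so a later change to the create path could turn this into a call through a NULL function pointer. Either keep the NULL check on data->callback next to the talloc_get_type() check, or add a comment at both sites tying them together.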
@@ -1,280 +0,0 @@ -From f74b97860ec7c66df01ed2b719d29a138c958081 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Mon, 26 Nov 2018 13:44:08 +0100 -Subject: [PATCH 19/23] SECRETS: Use different option names from secrets and - KCM for quota options -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Related: -https://pagure.io/SSSD/sssd/issue/3386 - -With the separate secrets responder, the quotas for the /secrets and -/kcm hives were configurable in a sub-section of the [secrets] sssd.conf -section using the same option -- the /secrets vs. /kcm distinction was -made using the subsection name. - -With the standalone KCM responder writing directly to the database, it -makes sense to have options with more descriptive names better suitable -for the KCM usage. For that we need the options for secrets quotas and -kcm quotas to be named differently. - -For now, the patch only passes the option name to sss_sec_get_quota() -and sss_sec_get_hive_config() together with the default value in an -instance of a new structure sss_sec_quota_opt. The secrets responder -still uses the same option names for backwards compatibility. 
- -Reviewed-by: Michal Židek ---- - src/responder/secrets/secsrv.c | 70 ++++++++++++++++++++++++++-------- - src/util/secrets/config.c | 40 +++++++++---------- - src/util/secrets/secrets.h | 21 ++++++---- - 3 files changed, 88 insertions(+), 43 deletions(-) - -diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c -index 2de93dedc..e783e231d 100644 ---- a/src/responder/secrets/secsrv.c -+++ b/src/responder/secrets/secsrv.c -@@ -47,6 +47,39 @@ static void adjust_global_quota(struct sec_ctx *sctx, - static int sec_get_config(struct sec_ctx *sctx) - { - int ret; -+ struct sss_sec_quota_opt dfl_sec_nest_level = { -+ .opt_name = CONFDB_SEC_CONTAINERS_NEST_LEVEL, -+ .default_value = DEFAULT_SEC_CONTAINERS_NEST_LEVEL, -+ }; -+ struct sss_sec_quota_opt dfl_sec_max_secrets = { -+ .opt_name = CONFDB_SEC_MAX_SECRETS, -+ .default_value = DEFAULT_SEC_MAX_SECRETS, -+ }; -+ struct sss_sec_quota_opt dfl_sec_max_uid_secrets = { -+ .opt_name = CONFDB_SEC_MAX_UID_SECRETS, -+ .default_value = DEFAULT_SEC_MAX_UID_SECRETS, -+ }; -+ struct sss_sec_quota_opt dfl_sec_max_payload_size = { -+ .opt_name = CONFDB_SEC_MAX_PAYLOAD_SIZE, -+ .default_value = DEFAULT_SEC_MAX_PAYLOAD_SIZE, -+ }; -+ -+ struct sss_sec_quota_opt dfl_kcm_nest_level = { -+ .opt_name = CONFDB_SEC_CONTAINERS_NEST_LEVEL, -+ .default_value = DEFAULT_SEC_CONTAINERS_NEST_LEVEL, -+ }; -+ struct sss_sec_quota_opt dfl_kcm_max_secrets = { -+ .opt_name = CONFDB_SEC_MAX_SECRETS, -+ .default_value = DEFAULT_SEC_KCM_MAX_SECRETS, -+ }; -+ struct sss_sec_quota_opt dfl_kcm_max_uid_secrets = { -+ .opt_name = CONFDB_SEC_MAX_UID_SECRETS, -+ .default_value = DEFAULT_SEC_KCM_MAX_UID_SECRETS, -+ }; -+ struct sss_sec_quota_opt dfl_kcm_max_payload_size = { -+ .opt_name = CONFDB_SEC_MAX_PAYLOAD_SIZE, -+ .default_value = DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE, -+ }; - - ret = confdb_get_int(sctx->rctx->cdb, - sctx->rctx->confdb_service_path, -@@ -65,15 +98,12 @@ static int sec_get_config(struct sec_ctx *sctx) - 
sctx->max_payload_size = 1; - - /* Read the global quota first -- this should be removed in a future release */ -- /* Note that this sets the defaults for the sec_config quota to be used -- * in sec_get_hive_config() -- */ - ret = sss_sec_get_quota(sctx->rctx->cdb, - sctx->rctx->confdb_service_path, -- DEFAULT_SEC_CONTAINERS_NEST_LEVEL, -- DEFAULT_SEC_MAX_SECRETS, -- DEFAULT_SEC_MAX_UID_SECRETS, -- DEFAULT_SEC_MAX_PAYLOAD_SIZE, -+ &dfl_sec_nest_level, -+ &dfl_sec_max_secrets, -+ &dfl_sec_max_uid_secrets, -+ &dfl_sec_max_payload_size, - &sctx->sec_config.quota); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, -@@ -81,13 +111,23 @@ static int sec_get_config(struct sec_ctx *sctx) - goto fail; - } - -+ /* Use the global quota values as defaults for the secrets/secrets section */ -+ dfl_sec_nest_level.default_value = \ -+ sctx->sec_config.quota.containers_nest_level; -+ dfl_sec_max_secrets.default_value = \ -+ sctx->sec_config.quota.max_secrets; -+ dfl_sec_max_uid_secrets.default_value = \ -+ sctx->sec_config.quota.max_uid_secrets; -+ dfl_sec_max_payload_size.default_value = \ -+ sctx->sec_config.quota.max_payload_size; -+ - /* Read the per-hive configuration */ - ret = sss_sec_get_hive_config(sctx->rctx->cdb, - "secrets", -- sctx->sec_config.quota.containers_nest_level, -- sctx->sec_config.quota.max_secrets, -- sctx->sec_config.quota.max_uid_secrets, -- sctx->sec_config.quota.max_payload_size, -+ &dfl_sec_nest_level, -+ &dfl_sec_max_secrets, -+ &dfl_sec_max_uid_secrets, -+ &dfl_sec_max_payload_size, - &sctx->sec_config); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, -@@ -98,10 +138,10 @@ static int sec_get_config(struct sec_ctx *sctx) - - ret = sss_sec_get_hive_config(sctx->rctx->cdb, - "kcm", -- DEFAULT_SEC_CONTAINERS_NEST_LEVEL, -- DEFAULT_SEC_KCM_MAX_SECRETS, -- DEFAULT_SEC_KCM_MAX_UID_SECRETS, -- DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE, -+ &dfl_kcm_nest_level, -+ &dfl_kcm_max_secrets, -+ &dfl_kcm_max_uid_secrets, -+ &dfl_kcm_max_payload_size, - &sctx->kcm_config); - 
if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, -diff --git a/src/util/secrets/config.c b/src/util/secrets/config.c -index cb286121f..f5dac0b21 100644 ---- a/src/util/secrets/config.c -+++ b/src/util/secrets/config.c -@@ -24,10 +24,10 @@ - - errno_t sss_sec_get_quota(struct confdb_ctx *cdb, - const char *section_config_path, -- int default_max_containers_nest_level, -- int default_max_num_secrets, -- int default_max_num_uid_secrets, -- int default_max_payload, -+ struct sss_sec_quota_opt *dfl_max_containers_nest_level, -+ struct sss_sec_quota_opt *dfl_max_num_secrets, -+ struct sss_sec_quota_opt *dfl_max_num_uid_secrets, -+ struct sss_sec_quota_opt *dfl_max_payload, - struct sss_sec_quota *quota) - { - int ret; -@@ -38,8 +38,8 @@ errno_t sss_sec_get_quota(struct confdb_ctx *cdb, - - ret = confdb_get_int(cdb, - section_config_path, -- CONFDB_SEC_CONTAINERS_NEST_LEVEL, -- default_max_containers_nest_level, -+ dfl_max_containers_nest_level->opt_name, -+ dfl_max_containers_nest_level->default_value, - "a->containers_nest_level); - - if (ret != EOK) { -@@ -51,8 +51,8 @@ errno_t sss_sec_get_quota(struct confdb_ctx *cdb, - - ret = confdb_get_int(cdb, - section_config_path, -- CONFDB_SEC_MAX_SECRETS, -- default_max_num_secrets, -+ dfl_max_num_secrets->opt_name, -+ dfl_max_num_secrets->default_value, - "a->max_secrets); - - if (ret != EOK) { -@@ -64,8 +64,8 @@ errno_t sss_sec_get_quota(struct confdb_ctx *cdb, - - ret = confdb_get_int(cdb, - section_config_path, -- CONFDB_SEC_MAX_UID_SECRETS, -- default_max_num_uid_secrets, -+ dfl_max_num_uid_secrets->opt_name, -+ dfl_max_num_uid_secrets->default_value, - "a->max_uid_secrets); - - if (ret != EOK) { -@@ -77,8 +77,8 @@ errno_t sss_sec_get_quota(struct confdb_ctx *cdb, - - ret = confdb_get_int(cdb, - section_config_path, -- CONFDB_SEC_MAX_PAYLOAD_SIZE, -- default_max_payload, -+ dfl_max_payload->opt_name, -+ dfl_max_payload->default_value, - "a->max_payload_size); - - if (ret != EOK) { -@@ -93,10 +93,10 @@ errno_t 
sss_sec_get_quota(struct confdb_ctx *cdb, - - errno_t sss_sec_get_hive_config(struct confdb_ctx *cdb, - const char *hive_name, -- int default_max_containers_nest_level, -- int default_max_num_secrets, -- int default_max_num_uid_secrets, -- int default_max_payload, -+ struct sss_sec_quota_opt *dfl_max_containers_nest_level, -+ struct sss_sec_quota_opt *dfl_max_num_secrets, -+ struct sss_sec_quota_opt *dfl_max_num_uid_secrets, -+ struct sss_sec_quota_opt *dfl_max_payload, - struct sss_sec_hive_config *hive_config) - { - int ret; -@@ -122,10 +122,10 @@ errno_t sss_sec_get_hive_config(struct confdb_ctx *cdb, - - ret = sss_sec_get_quota(cdb, - confdb_section, -- default_max_containers_nest_level, -- default_max_num_secrets, -- default_max_num_uid_secrets, -- default_max_payload, -+ dfl_max_containers_nest_level, -+ dfl_max_num_secrets, -+ dfl_max_num_uid_secrets, -+ dfl_max_payload, - &hive_config->quota); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, -diff --git a/src/util/secrets/secrets.h b/src/util/secrets/secrets.h -index 01abfe542..31164bd86 100644 ---- a/src/util/secrets/secrets.h -+++ b/src/util/secrets/secrets.h -@@ -47,6 +47,11 @@ struct sss_sec_ctx; - - struct sss_sec_req; - -+struct sss_sec_quota_opt { -+ const char *opt_name; -+ int default_value; -+}; -+ - struct sss_sec_quota { - int max_secrets; - int max_uid_secrets; -@@ -98,18 +103,18 @@ bool sss_sec_req_is_list(struct sss_sec_req *req); - - errno_t sss_sec_get_quota(struct confdb_ctx *cdb, - const char *section_config_path, -- int default_max_containers_nest_level, -- int default_max_num_secrets, -- int default_max_num_uid_secrets, -- int default_max_payload, -+ struct sss_sec_quota_opt *dfl_max_containers_nest_level, -+ struct sss_sec_quota_opt *dfl_max_num_secrets, -+ struct sss_sec_quota_opt *dfl_max_num_uid_secrets, -+ struct sss_sec_quota_opt *dfl_max_payload, - struct sss_sec_quota *quota); - - errno_t sss_sec_get_hive_config(struct confdb_ctx *cdb, - const char *hive_name, -- int 
default_max_containers_nest_level, -- int default_max_num_secrets, -- int default_max_num_uid_secrets, -- int default_max_payload, -+ struct sss_sec_quota_opt *dfl_max_containers_nest_level, -+ struct sss_sec_quota_opt *dfl_max_num_secrets, -+ struct sss_sec_quota_opt *dfl_max_num_uid_secrets, -+ struct sss_sec_quota_opt *dfl_max_payload, - struct sss_sec_hive_config *hive_config); - - #endif /* __SECRETS_H_ */ --- -2.20.1 - diff --git a/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch b/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch new file mode 100644 index 0000000..b56423a --- /dev/null +++ b/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch 
@@ -0,0 +1,62 @@ +From d0eb88089b059bfe2da3bd1a3797b89d69119c29 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Thu, 23 Jan 2020 19:00:27 +0100 +Subject: [PATCH 19/23] sss_ptr_hash: sss_ptr_hash_delete fix/optimization +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + - no reason to skip hash_delete() just because sss_ptr_hash_lookup_internal() +failed + - avoid excessive lookup if it is not required to free payload + +Reviewed-by: Pavel Březina +--- + src/util/sss_ptr_hash.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index f8addec1e..7326244e6 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -331,20 +331,21 @@ void sss_ptr_hash_delete(hash_table_t *table, + struct sss_ptr_hash_value *value; + hash_key_t table_key; + int hret; +- void *ptr; ++ void *payload; + + if (table == NULL || key == NULL) { + return; + } + +- value = sss_ptr_hash_lookup_internal(table, key); +- if (value == NULL) { +- /* Value not found. */ +- return; ++ if (free_value) { ++ value = sss_ptr_hash_lookup_internal(table, key); ++ if (value == NULL) { ++ free_value = false; ++ } else { ++ payload = value->ptr; ++ } + } + +- ptr = value->ptr; +- + table_key.type = HASH_KEY_STRING; + table_key.str = discard_const_p(char, key); + +@@ -357,7 +358,7 @@ void sss_ptr_hash_delete(hash_table_t *table, + + /* Also free the original value if requested. */ + if (free_value) { +- talloc_free(ptr); ++ talloc_free(payload); + } + + return; +-- +2.20.1 + diff --git a/SOURCES/0020-SECRETS-Don-t-limit-the-global-number-of-ccaches.patch b/SOURCES/0020-SECRETS-Don-t-limit-the-global-number-of-ccaches.patch deleted file mode 100644 index a05c43e..0000000 --- a/SOURCES/0020-SECRETS-Don-t-limit-the-global-number-of-ccaches.patch +++ /dev/null 
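Review bot: In sss_ptr_hash_delete() (0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch) `void *payload;` is declared without an initializer and is assigned only on the `free_value && value != NULL` path. The later `talloc_free(payload)` is guarded by free_value, which is cleared when the lookup fails, so the logic holds, but it depends on two variables staying in step and is likely to draw maybe-uninitialized warnings. Declaring it as `void *payload = NULL;` costs nothing and makes the final free safe even if the flag handling is changed later. The commit message could also say that a missing key now reaches hash_delete() instead of returning early, since that changes what gets logged for callers deleting absent keys.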
@@ -1,51 +0,0 @@ -From 940002ca21abde53ad81df622d1f4dd3b5e8e014 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Fri, 30 Nov 2018 13:34:22 +0100 -Subject: [PATCH 20/23] SECRETS: Don't limit the global number of ccaches -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Related: -https://pagure.io/SSSD/sssd/issue/3386 - -In the KCM context, the global number of ccaches would limit the number -of users who can store their ccaches in the KCM deamon. - -In more detail, the options have the following semantics with KCM: - - DEFAULT_SEC_KCM_MAX_SECRETS - global number of secrets, would - cover both how many ccaches can a user store, but this is better - served with DEFAULT_SEC_KCM_MAX_UID_SECRETS - - - DEFAULT_SEC_KCM_MAX_UID_SECRETS - how many 'principals' can a user - kinit with - - - DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE - the payload size of service - tickets - -With the above in mind, I think the most important limits are -max_uid_secrets to limit and the payload size to constraint how much -space can a user occupy and it doesn't make much sense to limit the -global quota. - -Reviewed-by: Michal Židek ---- - src/util/secrets/secrets.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/util/secrets/secrets.h b/src/util/secrets/secrets.h -index 31164bd86..9cf397516 100644 ---- a/src/util/secrets/secrets.h -+++ b/src/util/secrets/secrets.h -@@ -39,7 +39,7 @@ - * but the secret size must be large because one secret in the /kcm - * hive holds the whole ccache which consists of several credentials - */ --#define DEFAULT_SEC_KCM_MAX_SECRETS 256 -+#define DEFAULT_SEC_KCM_MAX_SECRETS 0 /* unlimited */ - #define DEFAULT_SEC_KCM_MAX_UID_SECRETS 64 - #define DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE 65536 - --- -2.20.1 - diff --git a/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch b/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch new file mode 100644 index 0000000..b5a8ee4 --- /dev/null 
+++ b/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch @@ -0,0 +1,35 @@ +From 8cc2ce4e9060a71d441a377008fb2f567baa5d92 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Thu, 23 Jan 2020 20:07:41 +0100 +Subject: [PATCH 20/23] sss_ptr_hash: removed redundant check +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +`sss_ptr_hash_check_type()` call would take care of this case. + +Reviewed-by: Pavel Březina +--- + src/util/sss_ptr_hash.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index 7326244e6..bf111a613 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -268,12 +268,6 @@ sss_ptr_hash_lookup_internal(hash_table_t *table, + return NULL; + } + +- /* This may happen if we are in delete callback +- * and we try to search the hash table. */ +- if (table_value.ptr == NULL) { +- return NULL; +- } +- + if (!sss_ptr_hash_check_type(table_value.ptr, "struct sss_ptr_hash_value")) { + return NULL; + } +-- +2.20.1 + diff --git a/SOURCES/0021-KCM-Pass-confdb-context-to-the-ccache-db-initializat.patch b/SOURCES/0021-KCM-Pass-confdb-context-to-the-ccache-db-initializat.patch deleted file mode 100644 index 964b175..0000000 --- a/SOURCES/0021-KCM-Pass-confdb-context-to-the-ccache-db-initializat.patch +++ /dev/null 
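Review bot: In sss_ptr_hash_lookup_internal() (0020-sss_ptr_hash-removed-redundant-check.patch) the deleted block also carried the only explanation of why table_value.ptr can be NULL here ("This may happen if we are in delete callback and we try to search the hash table"). The commit message says sss_ptr_hash_check_type() covers that case, but that function is not part of this diff, so the NULL handling is now implicit. Please move the comment onto the sss_ptr_hash_check_type() call so the NULL case stays documented where it is handled.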
@@ -1,176 +0,0 @@ -From f00db73d7bbf312e3e2a772b8b10895d5460b989 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 28 Nov 2018 21:24:08 +0100 -Subject: [PATCH 21/23] KCM: Pass confdb context to the ccache db - initialization -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Resolves: -https://pagure.io/SSSD/sssd/issue/3386 - -The libsecrets back end needs to read the quota options from confdb, -therefore it needs to know the section and access the confdb handle. - -These parameters are unused for other ccache back end types, but they -are harmless and IMO it makes more sense to keep the ccache back end -abstract. - -Reviewed-by: Michal Židek ---- - src/responder/kcm/kcm.c | 14 ++++++++++++-- - src/responder/kcm/kcmsrv_ccache.c | 4 +++- - src/responder/kcm/kcmsrv_ccache.h | 2 ++ - src/responder/kcm/kcmsrv_ccache_be.h | 4 +++- - src/responder/kcm/kcmsrv_ccache_mem.c | 4 +++- - src/responder/kcm/kcmsrv_ccache_secdb.c | 6 +++--- - src/responder/kcm/kcmsrv_ccache_secrets.c | 4 +++- - 7 files changed, 29 insertions(+), 9 deletions(-) - -diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c -index 005dd168f..045c7801f 100644 ---- a/src/responder/kcm/kcm.c -+++ b/src/responder/kcm/kcm.c -@@ -170,6 +170,8 @@ static int kcm_data_destructor(void *ptr) - - static struct kcm_resp_ctx *kcm_data_setup(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -+ struct confdb_ctx *cdb, -+ const char *confdb_service_path, - enum kcm_ccdb_be cc_be) - { - struct kcm_resp_ctx *kcm_data; -@@ -181,7 +183,11 @@ static struct kcm_resp_ctx *kcm_data_setup(TALLOC_CTX *mem_ctx, - return NULL; - } - -- kcm_data->db = kcm_ccdb_init(kcm_data, ev, cc_be); -+ kcm_data->db = kcm_ccdb_init(kcm_data, -+ ev, -+ cdb, -+ confdb_service_path, -+ cc_be); - if (kcm_data->db == NULL) { - talloc_free(kcm_data); - return NULL; -@@ -235,7 +241,11 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx, - goto fail; - } - -- kctx->kcm_data = kcm_data_setup(kctx, 
ev, kctx->cc_be); -+ kctx->kcm_data = kcm_data_setup(kctx, -+ ev, -+ kctx->rctx->cdb, -+ kctx->rctx->confdb_service_path, -+ kctx->cc_be); - if (kctx->kcm_data == NULL) { - DEBUG(SSSDBG_FATAL_FAILURE, - "fatal error initializing responder data\n"); -diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c -index e7800662a..085cc4464 100644 ---- a/src/responder/kcm/kcmsrv_ccache.c -+++ b/src/responder/kcm/kcmsrv_ccache.c -@@ -229,6 +229,8 @@ struct sss_iobuf *kcm_cred_get_creds(struct kcm_cred *crd) - - struct kcm_ccdb *kcm_ccdb_init(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -+ struct confdb_ctx *cdb, -+ const char *confdb_service_path, - enum kcm_ccdb_be cc_be) - { - errno_t ret; -@@ -270,7 +272,7 @@ struct kcm_ccdb *kcm_ccdb_init(TALLOC_CTX *mem_ctx, - return NULL; - } - -- ret = ccdb->ops->init(ccdb); -+ ret = ccdb->ops->init(ccdb, cdb, confdb_service_path); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize ccache database\n"); - talloc_free(ccdb); -diff --git a/src/responder/kcm/kcmsrv_ccache.h b/src/responder/kcm/kcmsrv_ccache.h -index 0fd33325f..199b75b16 100644 ---- a/src/responder/kcm/kcmsrv_ccache.h -+++ b/src/responder/kcm/kcmsrv_ccache.h -@@ -125,6 +125,8 @@ struct kcm_ccdb; - */ - struct kcm_ccdb *kcm_ccdb_init(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -+ struct confdb_ctx *cdb, -+ const char *confdb_service_path, - enum kcm_ccdb_be cc_be); - - /* -diff --git a/src/responder/kcm/kcmsrv_ccache_be.h b/src/responder/kcm/kcmsrv_ccache_be.h -index 7315f6435..166af3a76 100644 ---- a/src/responder/kcm/kcmsrv_ccache_be.h -+++ b/src/responder/kcm/kcmsrv_ccache_be.h -@@ -30,7 +30,9 @@ - #include "responder/kcm/kcmsrv_ccache.h" - - typedef errno_t --(*ccdb_init_fn)(struct kcm_ccdb *db); -+(*ccdb_init_fn)(struct kcm_ccdb *db, -+ struct confdb_ctx *cdb, -+ const char *confdb_service_path); - - typedef struct tevent_req * - (*ccdb_nextid_send_fn)(TALLOC_CTX *mem_ctx, -diff --git 
a/src/responder/kcm/kcmsrv_ccache_mem.c b/src/responder/kcm/kcmsrv_ccache_mem.c -index 38bc2050d..35955b2f4 100644 ---- a/src/responder/kcm/kcmsrv_ccache_mem.c -+++ b/src/responder/kcm/kcmsrv_ccache_mem.c -@@ -151,7 +151,9 @@ static int ccwrap_destructor(void *ptr) - return 0; - } - --static errno_t ccdb_mem_init(struct kcm_ccdb *db) -+static errno_t ccdb_mem_init(struct kcm_ccdb *db, -+ struct confdb_ctx *cdb, -+ const char *confdb_service_path) - { - struct ccdb_mem *memdb = NULL; - -diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c -index c68f53f97..d0d9a7e4c 100644 ---- a/src/responder/kcm/kcmsrv_ccache_secdb.c -+++ b/src/responder/kcm/kcmsrv_ccache_secdb.c -@@ -520,7 +520,9 @@ done: - return ret; - } - --static errno_t ccdb_secdb_init(struct kcm_ccdb *db) -+static errno_t ccdb_secdb_init(struct kcm_ccdb *db, -+ struct confdb_ctx *cdb, -+ const char *confdb_service_path) - { - struct ccdb_secdb *secdb = NULL; - errno_t ret; -@@ -530,8 +532,6 @@ static errno_t ccdb_secdb_init(struct kcm_ccdb *db) - return ENOMEM; - } - -- /* TODO: read configuration from the config file, adjust quotas */ -- - ret = sss_sec_init(db, NULL, &secdb->sctx); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, -diff --git a/src/responder/kcm/kcmsrv_ccache_secrets.c b/src/responder/kcm/kcmsrv_ccache_secrets.c -index 93be4fafa..6fa2a6dcc 100644 ---- a/src/responder/kcm/kcmsrv_ccache_secrets.c -+++ b/src/responder/kcm/kcmsrv_ccache_secrets.c -@@ -659,7 +659,9 @@ static errno_t sec_get_ccache_recv(struct tevent_req *req, - /* - * The actual sssd-secrets back end - */ --static errno_t ccdb_sec_init(struct kcm_ccdb *db) -+static errno_t ccdb_sec_init(struct kcm_ccdb *db, -+ struct confdb_ctx *cdb, -+ const char *confdb_service_path) - { - struct ccdb_sec *secdb = NULL; - --- -2.20.1 - diff --git a/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch b/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch new file mode 100644 index 0000000..a9a9d8e 
--- /dev/null +++ b/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch @@ -0,0 +1,53 @@ +From 4bc0c2c7833dd643fc1137daf6519670c05c3736 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Thu, 23 Jan 2020 21:11:16 +0100 +Subject: [PATCH 21/23] sss_ptr_hash: fixed memory leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case `override` check was failed in _sss_ptr_hash_add() +`value` was leaking. +Fixed to do `override` check before value allocation. + +Reviewed-by: Pavel Březina +--- + src/util/sss_ptr_hash.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index bf111a613..114b6edeb 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -217,21 +217,21 @@ errno_t _sss_ptr_hash_add(hash_table_t *table, + return ERR_INVALID_DATA_TYPE; + } + ++ table_key.type = HASH_KEY_STRING; ++ table_key.str = discard_const_p(char, key); ++ ++ if (override == false && hash_has_key(table, &table_key)) { ++ return EEXIST; ++ } ++ + value = sss_ptr_hash_value_create(table, key, talloc_ptr); + if (value == NULL) { + return ENOMEM; + } + +- table_key.type = HASH_KEY_STRING; +- table_key.str = discard_const_p(char, key); +- + table_value.type = HASH_VALUE_PTR; + table_value.ptr = value; + +- if (override == false && hash_has_key(table, &table_key)) { +- return EEXIST; +- } +- + hret = hash_enter(table, &table_key, &table_value); + if (hret != HASH_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add key %s!\n", key); +-- +2.20.1 + diff --git a/SOURCES/0022-KCM-Configurable-quotas-for-the-secdb-ccache-back-en.patch b/SOURCES/0022-KCM-Configurable-quotas-for-the-secdb-ccache-back-en.patch deleted file mode 100644 index 495e3e2..0000000 --- a/SOURCES/0022-KCM-Configurable-quotas-for-the-secdb-ccache-back-en.patch +++ /dev/null 
@@ -1,179 +0,0 @@ -From f024b5e46b62ad49f0099ed8db8155e7ea475639 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 28 Nov 2018 21:22:22 +0100 -Subject: [PATCH 22/23] KCM: Configurable quotas for the secdb ccache back end -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Related: -https://pagure.io/SSSD/sssd/issue/3386 - -Exposes three new options for the [kcm] responder to set the global -ccache limit, the per-uid ccache limit and the payload size. - -Reviewed-by: Michal Židek ---- - src/confdb/confdb.h | 3 ++ - src/config/cfg_rules.ini | 3 ++ - src/man/sssd-kcm.8.xml | 37 +++++++++++++++ - src/responder/kcm/kcmsrv_ccache_secdb.c | 61 ++++++++++++++++++++++++- - 4 files changed, 103 insertions(+), 1 deletion(-) - -diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h -index d09d6b4c3..727841659 100644 ---- a/src/confdb/confdb.h -+++ b/src/confdb/confdb.h -@@ -266,6 +266,9 @@ - #define CONFDB_KCM_CONF_ENTRY "config/kcm" - #define CONFDB_KCM_SOCKET "socket_path" - #define CONFDB_KCM_DB "ccache_storage" /* Undocumented on purpose */ -+#define CONFDB_KCM_MAX_CCACHES "max_ccaches" -+#define CONFDB_KCM_MAX_UID_CCACHES "max_uid_ccaches" -+#define CONFDB_KCM_MAX_CCACHE_SIZE "max_ccache_size" - - /* Certificate mapping rules */ - #define CONFDB_CERTMAP_BASEDN "cn=certmap,cn=config" -diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini -index 30040b595..59d6cc512 100644 ---- a/src/config/cfg_rules.ini -+++ b/src/config/cfg_rules.ini -@@ -312,6 +312,9 @@ option = description - option = socket_path - option = ccache_storage - option = responder_idle_timeout -+option = max_ccaches -+option = max_uid_ccaches -+option = max_ccache_size - - # Session recording - [rule/allowed_session_recording_options] -diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml -index 4e4aaa38e..2f66e56a4 100644 ---- a/src/man/sssd-kcm.8.xml -+++ b/src/man/sssd-kcm.8.xml -@@ -201,6 +201,43 @@ systemctl restart sssd-kcm.service - - 
- -+ -+ max_ccaches (integer) -+ -+ -+ How many credential caches does the KCM database allow -+ for all users. -+ -+ -+ Default: 0 (unlimited, only the per-UID quota is enforced) -+ -+ -+ -+ -+ max_uid_ccaches (integer) -+ -+ -+ How many credential caches does the KCM database allow -+ per UID. This is equivalent to with how many -+ principals you can kinit. -+ -+ -+ Default: 64 -+ -+ -+ -+ -+ max_ccache_size (integer) -+ -+ -+ How big can a credential cache be per ccache. Each -+ service ticket accounts into this quota. -+ -+ -+ Default: 65536 -+ -+ -+ - - - -diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c -index d0d9a7e4c..dc9cefb32 100644 ---- a/src/responder/kcm/kcmsrv_ccache_secdb.c -+++ b/src/responder/kcm/kcmsrv_ccache_secdb.c -@@ -526,13 +526,72 @@ static errno_t ccdb_secdb_init(struct kcm_ccdb *db, - { - struct ccdb_secdb *secdb = NULL; - errno_t ret; -+ struct sss_sec_hive_config **kcm_section_quota; -+ struct sss_sec_quota_opt dfl_kcm_nest_level = { -+ .opt_name = CONFDB_SEC_CONTAINERS_NEST_LEVEL, -+ .default_value = DEFAULT_SEC_CONTAINERS_NEST_LEVEL, -+ }; -+ struct sss_sec_quota_opt dfl_kcm_max_secrets = { -+ .opt_name = CONFDB_KCM_MAX_CCACHES, -+ .default_value = DEFAULT_SEC_KCM_MAX_SECRETS, -+ }; -+ struct sss_sec_quota_opt dfl_kcm_max_uid_secrets = { -+ .opt_name = CONFDB_KCM_MAX_UID_CCACHES, -+ .default_value = DEFAULT_SEC_KCM_MAX_UID_SECRETS, -+ }; -+ struct sss_sec_quota_opt dfl_kcm_max_payload_size = { -+ .opt_name = CONFDB_KCM_MAX_CCACHE_SIZE, -+ .default_value = DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE, -+ }; -+ - - secdb = talloc_zero(db, struct ccdb_secdb); - if (secdb == NULL) { - return ENOMEM; - } - -- ret = sss_sec_init(db, NULL, &secdb->sctx); -+ kcm_section_quota = talloc_zero_array(secdb, -+ struct sss_sec_hive_config *, -+ 2); -+ if (kcm_section_quota == NULL) { -+ talloc_free(secdb); -+ return ENOMEM; -+ } -+ -+ kcm_section_quota[0] = talloc_zero(kcm_section_quota, -+ struct 
sss_sec_hive_config); -+ if (kcm_section_quota == NULL) { -+ talloc_free(secdb); -+ return ENOMEM; -+ } -+ kcm_section_quota[0]->hive_name = "kcm"; -+ -+ ret = sss_sec_get_quota(cdb, -+ confdb_service_path, -+ &dfl_kcm_nest_level, -+ &dfl_kcm_max_secrets, -+ &dfl_kcm_max_uid_secrets, -+ &dfl_kcm_max_payload_size, -+ &kcm_section_quota[0]->quota); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, -+ "Failed to get KCM global quotas [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ talloc_free(secdb); -+ return ret; -+ } -+ -+ if (kcm_section_quota[0]->quota.max_uid_secrets > 0) { -+ /* Even cn=default is considered a secret that adds up to -+ * the quota. To avoid off-by-one-confusion, increase -+ * the quota by two to 1) account for the cn=default object -+ * and 2) always allow writing to cn=defaults even if we -+ * are exactly at the quota limit -+ */ -+ kcm_section_quota[0]->quota.max_uid_secrets += 2; -+ } -+ -+ ret = sss_sec_init(db, kcm_section_quota, &secdb->sctx); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Cannot initialize the security database\n"); --- -2.20.1 - diff --git a/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch b/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch new file mode 100644 index 0000000..c58fbd8 --- /dev/null +++ b/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch 
@@ -0,0 +1,366 @@ +From 0bb1289252eec972ea26721a92adc7db47383f76 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Fri, 24 Jan 2020 23:57:39 +0100 +Subject: [PATCH 22/23] sss_ptr_hash: internal refactoring +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +sss_ptr_hash code was refactored: + - got rid of a "spy" to make logic cleaner + - table got destructor to wipe its content + - described some usage limitation in the documentation + +And resolves: https://pagure.io/SSSD/sssd/issue/4135 + +Reviewed-by: Pavel Březina +--- + src/util/sss_ptr_hash.c | 183 +++++++++++++++++----------------------- + src/util/sss_ptr_hash.h | 17 +++- + 2 files changed, 91 insertions(+), 109 deletions(-) + +diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c +index 114b6edeb..6409236c7 100644 +--- a/src/util/sss_ptr_hash.c ++++ b/src/util/sss_ptr_hash.c +@@ -39,67 +39,35 @@ static bool sss_ptr_hash_check_type(void *ptr, const char *type) + return true; + } + ++static int sss_ptr_hash_table_destructor(hash_table_t *table) ++{ ++ sss_ptr_hash_delete_all(table, false); ++ return 0; ++} ++ + struct sss_ptr_hash_delete_data { + hash_delete_callback *callback; + void *pvt; + }; + + struct sss_ptr_hash_value { +- struct sss_ptr_hash_spy *spy; +- void *ptr; +-}; +- +-struct sss_ptr_hash_spy { +- struct sss_ptr_hash_value *value; + hash_table_t *table; + const char *key; ++ void *payload; + }; + +-static int +-sss_ptr_hash_spy_destructor(struct sss_ptr_hash_spy *spy) +-{ +- spy->value->spy = NULL; +- +- /* This results in removing entry from hash table and freeing the value. 
*/ +- sss_ptr_hash_delete(spy->table, spy->key, false); +- +- return 0; +-} +- +-static struct sss_ptr_hash_spy * +-sss_ptr_hash_spy_create(TALLOC_CTX *mem_ctx, +- hash_table_t *table, +- const char *key, +- struct sss_ptr_hash_value *value) +-{ +- struct sss_ptr_hash_spy *spy; +- +- spy = talloc_zero(mem_ctx, struct sss_ptr_hash_spy); +- if (spy == NULL) { +- DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n"); +- return NULL; +- } +- +- spy->key = talloc_strdup(spy, key); +- if (spy->key == NULL) { +- talloc_free(spy); +- return NULL; +- } +- +- spy->table = table; +- spy->value = value; +- talloc_set_destructor(spy, sss_ptr_hash_spy_destructor); +- +- return spy; +-} +- + static int + sss_ptr_hash_value_destructor(struct sss_ptr_hash_value *value) + { +- if (value->spy != NULL) { +- /* Disable spy destructor and free it. */ +- talloc_set_destructor(value->spy, NULL); +- talloc_zfree(value->spy); ++ hash_key_t table_key; ++ ++ if (value->table && value->key) { ++ table_key.type = HASH_KEY_STRING; ++ table_key.str = discard_const_p(char, value->key); ++ if (hash_delete(value->table, &table_key) != HASH_SUCCESS) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "failed to delete entry with key '%s'\n", value->key); ++ } + } + + return 0; +@@ -112,18 +80,19 @@ sss_ptr_hash_value_create(hash_table_t *table, + { + struct sss_ptr_hash_value *value; + +- value = talloc_zero(table, struct sss_ptr_hash_value); ++ value = talloc_zero(talloc_ptr, struct sss_ptr_hash_value); + if (value == NULL) { + return NULL; + } + +- value->spy = sss_ptr_hash_spy_create(talloc_ptr, table, key, value); +- if (value->spy == NULL) { ++ value->key = talloc_strdup(value, key); ++ if (value->key == NULL) { + talloc_free(value); + return NULL; + } + +- value->ptr = talloc_ptr; ++ value->table = table; ++ value->payload = talloc_ptr; + talloc_set_destructor(value, sss_ptr_hash_value_destructor); + + return value; +@@ -138,29 +107,31 @@ sss_ptr_hash_delete_cb(hash_entry_t *item, + struct sss_ptr_hash_value *value; + 
struct hash_entry_t callback_entry; + ++ if (pvt == NULL) { ++ return; ++ } ++ + value = talloc_get_type(item->value.ptr, struct sss_ptr_hash_value); + if (value == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value!\n"); + return; + } + ++ /* Switch to the input value and call custom callback. */ ++ data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data); ++ if (data == NULL) { ++ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n"); ++ return; ++ } ++ + callback_entry.key = item->key; + callback_entry.value.type = HASH_VALUE_PTR; +- callback_entry.value.ptr = value->ptr; +- +- /* Free value, this also will disable spy */ +- talloc_free(value); +- +- if (pvt != NULL) { +- /* Switch to the input value and call custom callback. */ +- data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data); +- if (data == NULL) { +- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n"); +- return; +- } +- +- data->callback(&callback_entry, deltype, data->pvt); +- } ++ callback_entry.value.ptr = value->payload; ++ /* Even if execution is already in the context of ++ * talloc_free(payload) -> talloc_free(value) -> ... ++ * there still might be legitimate reasons to execute callback. 
++ */ ++ data->callback(&callback_entry, deltype, data->pvt); + } + + hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, +@@ -194,6 +165,8 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + talloc_steal(table, data); + } + ++ talloc_set_destructor(table, sss_ptr_hash_table_destructor); ++ + return table; + } + +@@ -282,15 +255,15 @@ void *_sss_ptr_hash_lookup(hash_table_t *table, + struct sss_ptr_hash_value *value; + + value = sss_ptr_hash_lookup_internal(table, key); +- if (value == NULL || value->ptr == NULL) { ++ if (value == NULL || value->payload == NULL) { + return NULL; + } + +- if (!sss_ptr_hash_check_type(value->ptr, type)) { ++ if (!sss_ptr_hash_check_type(value->payload, type)) { + return NULL; + } + +- return value->ptr; ++ return value->payload; + } + + void *_sss_ptr_get_value(hash_value_t *table_value, +@@ -311,11 +284,11 @@ void *_sss_ptr_get_value(hash_value_t *table_value, + + value = table_value->ptr; + +- if (!sss_ptr_hash_check_type(value->ptr, type)) { ++ if (!sss_ptr_hash_check_type(value->payload, type)) { + return NULL; + } + +- return value->ptr; ++ return value->payload; + } + + void sss_ptr_hash_delete(hash_table_t *table, +@@ -323,74 +296,70 @@ void sss_ptr_hash_delete(hash_table_t *table, + bool free_value) + { + struct sss_ptr_hash_value *value; +- hash_key_t table_key; +- int hret; +- void *payload; ++ void *payload = NULL; + + if (table == NULL || key == NULL) { + return; + } + +- if (free_value) { +- value = sss_ptr_hash_lookup_internal(table, key); +- if (value == NULL) { +- free_value = false; +- } else { +- payload = value->ptr; +- } +- } +- +- table_key.type = HASH_KEY_STRING; +- table_key.str = discard_const_p(char, key); +- +- /* Delete table entry. This will free value and spy in delete callback. 
*/ +- hret = hash_delete(table, &table_key); +- if (hret != HASH_SUCCESS && hret != HASH_ERROR_KEY_NOT_FOUND) { +- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to remove key from table [%d]\n", +- hret); ++ value = sss_ptr_hash_lookup_internal(table, key); ++ if (value == NULL) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Unable to remove key '%s' from table\n", key); ++ return; + } + +- /* Also free the original value if requested. */ + if (free_value) { +- talloc_free(payload); ++ payload = value->payload; + } + ++ talloc_free(value); /* this will call hash_delete() in value d-tor */ ++ ++ talloc_free(payload); /* it is safe to call talloc_free(NULL) */ ++ + return; + } + + void sss_ptr_hash_delete_all(hash_table_t *table, + bool free_values) + { ++ hash_value_t *content; + struct sss_ptr_hash_value *value; +- hash_value_t *values; ++ void *payload = NULL; + unsigned long count; + unsigned long i; + int hret; +- void *ptr; + + if (table == NULL) { + return; + } + +- hret = hash_values(table, &count, &values); ++ hret = hash_values(table, &count, &content); + if (hret != HASH_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get values [%d]\n", hret); + return; + } + +- for (i = 0; i < count; i++) { +- value = values[i].ptr; +- ptr = value->ptr; +- +- /* This will remove the entry from hash table and free value. */ +- talloc_free(value->spy); +- +- if (free_values) { +- /* Also free the original value. 
*/ +- talloc_free(ptr); ++ for (i = 0; i < count; ++i) { ++ if ((content[i].type == HASH_VALUE_PTR) && ++ sss_ptr_hash_check_type(content[i].ptr, ++ "struct sss_ptr_hash_value")) { ++ value = content[i].ptr; ++ if (free_values) { ++ payload = value->payload; ++ } ++ talloc_free(value); ++ if (free_values) { ++ talloc_free(payload); /* it's safe to call talloc_free(NULL) */ ++ } ++ } else { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Unexpected type of table content, skipping"); + } + } + ++ talloc_free(content); ++ + return; + } + +diff --git a/src/util/sss_ptr_hash.h b/src/util/sss_ptr_hash.h +index 56bb19a65..0889b171a 100644 +--- a/src/util/sss_ptr_hash.h ++++ b/src/util/sss_ptr_hash.h +@@ -28,7 +28,19 @@ + + /** + * Create a new hash table with string key and talloc pointer value with +- * possible delete callback. ++ * possible custom delete callback @del_cb. ++ * Table will have destructor setup to wipe content. ++ * Never call hash_destroy(table) and hash_delete() explicitly but rather ++ * use talloc_free(table) and sss_ptr_hash_delete(). ++ * ++ * A notes about @del_cb: ++ * - this callback must never modify hash table (i.e. add/del entries); ++ * - this callback is triggered when value is either explicitly removed ++ * from the table or simply freed (latter leads to removal of an entry ++ * from the table); ++ * - this callback is also triggered for every entry when table is freed ++ * entirely. In this case (deltype == HASH_TABLE_DESTROY) any table ++ * lookups / iteration are forbidden as table might be already invalidated. + */ + hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + hash_delete_callback *del_cb, +@@ -41,7 +53,8 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx, + * the value is overridden. Otherwise EEXIST error is returned. + * + * If talloc_ptr is freed the key and value are automatically +- * removed from the hash table. 
++ * removed from the hash table (del_cb that was set up during ++ * table creation is executed as a first step of this removal). + * + * @return EOK If the <@key, @talloc_ptr> pair was inserted. + * @return EEXIST If @key already exists and @override is false. +-- +2.20.1 + diff --git a/SOURCES/0023-MAN-Document-that-PAM-stack-contains-the-systemd-use.patch b/SOURCES/0023-MAN-Document-that-PAM-stack-contains-the-systemd-use.patch deleted file mode 100644 index 24d44c3..0000000 --- a/SOURCES/0023-MAN-Document-that-PAM-stack-contains-the-systemd-use.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 820151f3813f08c704cb87a99988fe39f9f48a8d Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Thu, 4 Jul 2019 10:22:25 +0200 -Subject: [PATCH] MAN: Document that PAM stack contains the systemd-user - service in the account phase in RHEL-8 - -Resolves: -https://pagure.io/SSSD/sssd/issue/3932 - -Reviewed-by: Tomas Halman ---- - src/man/sssd-ldap.5.xml | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml -index c205aea64..aca0f9e72 100644 ---- a/src/man/sssd-ldap.5.xml -+++ b/src/man/sssd-ldap.5.xml -@@ -834,6 +834,14 @@ - ldap_user_authorized_service option - to work. - -+ -+ Some distributions (such as Fedora-29+ or RHEL-8) -+ always include the systemd-user PAM -+ service as part of the login process. Therefore when -+ using service-based access control, the -+ systemd-user service might need to be -+ added to the list of allowed services. -+ - - Default: authorizedService - --- -2.20.1 - diff --git a/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch b/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch new file mode 100644 index 0000000..1640cf7 --- /dev/null +++ b/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch 
@@ -0,0 +1,266 @@ +From 88b23bf50dd1c12413f3314639de2c3909bd9098 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Tue, 28 Jan 2020 19:26:08 +0100 +Subject: [PATCH 23/23] TESTS: added sss_ptr_hash unit test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reviewed-by: Pavel Březina +--- + Makefile.am | 1 + + src/tests/cmocka/test_sss_ptr_hash.c | 193 +++++++++++++++++++++++++++ + src/tests/cmocka/test_utils.c | 9 ++ + src/tests/cmocka/test_utils.h | 6 + + 4 files changed, 209 insertions(+) + create mode 100644 src/tests/cmocka/test_sss_ptr_hash.c + +diff --git a/Makefile.am b/Makefile.am +index 57ba51356..c991f2aa0 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -3054,6 +3054,7 @@ test_ipa_idmap_LDADD = \ + test_utils_SOURCES = \ + src/tests/cmocka/test_utils.c \ + src/tests/cmocka/test_string_utils.c \ ++ src/tests/cmocka/test_sss_ptr_hash.c \ + src/p11_child/p11_child_common_utils.c \ + $(NULL) + if BUILD_SSH +diff --git a/src/tests/cmocka/test_sss_ptr_hash.c b/src/tests/cmocka/test_sss_ptr_hash.c +new file mode 100644 +index 000000000..1458238f5 +--- /dev/null ++++ b/src/tests/cmocka/test_sss_ptr_hash.c +@@ -0,0 +1,193 @@ ++/* ++ Copyright (C) 2020 Red Hat ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . 
++*/ ++ ++#include "tests/cmocka/common_mock.h" ++#include "util/sss_ptr_hash.h" ++ ++static const int MAX_ENTRIES_AMOUNT = 5; ++ ++static void populate_table(hash_table_t *table, int **payloads) ++{ ++ char key[2] = {'z', 0}; ++ ++ for (int i = 0; i < MAX_ENTRIES_AMOUNT; ++i) { ++ payloads[i] = talloc_zero(global_talloc_context, int); ++ assert_non_null(payloads[i]); ++ *payloads[i] = i; ++ key[0] = '0'+(char)i; ++ assert_int_equal(sss_ptr_hash_add(table, key, payloads[i], int), 0); ++ } ++ ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT); ++} ++ ++static void free_payload_cb(hash_entry_t *item, hash_destroy_enum type, void *pvt) ++{ ++ int *counter; ++ ++ assert_non_null(item); ++ assert_non_null(item->value.ptr); ++ talloc_zfree(item->value.ptr); ++ ++ assert_non_null(pvt); ++ counter = (int *)pvt; ++ (*counter)++; ++} ++ ++void test_sss_ptr_hash_with_free_cb(void **state) ++{ ++ hash_table_t *table; ++ int free_counter = 0; ++ int *payloads[MAX_ENTRIES_AMOUNT]; ++ ++ table = sss_ptr_hash_create(global_talloc_context, ++ free_payload_cb, ++ &free_counter); ++ assert_non_null(table); ++ ++ populate_table(table, payloads); ++ ++ /* check explicit removal from the hash */ ++ sss_ptr_hash_delete(table, "1", false); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1); ++ assert_int_equal(free_counter, 1); ++ ++ /* check implicit removal triggered by payload deletion */ ++ talloc_free(payloads[3]); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2); ++ assert_int_equal(free_counter, 2); ++ ++ /* try to remove non existent entry */ ++ sss_ptr_hash_delete(table, "q", false); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2); ++ assert_int_equal(free_counter, 2); ++ ++ /* clear all */ ++ sss_ptr_hash_delete_all(table, false); ++ assert_int_equal((int)hash_count(table), 0); ++ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT); ++ ++ /* check that table is still operable */ ++ populate_table(table, payloads); ++ 
sss_ptr_hash_delete(table, "2", false); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1); ++ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT+1); ++ ++ talloc_free(table); ++ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT*2); ++} ++ ++struct table_wrapper ++{ ++ hash_table_t **table; ++}; ++ ++static void lookup_cb(hash_entry_t *item, hash_destroy_enum type, void *pvt) ++{ ++ hash_table_t *table; ++ hash_key_t *keys; ++ unsigned long count; ++ int *value = NULL; ++ int sum = 0; ++ ++ assert_non_null(pvt); ++ table = *((struct table_wrapper *)pvt)->table; ++ assert_non_null(table); ++ ++ if (type == HASH_TABLE_DESTROY) { ++ /* table is being destroyed */ ++ return; ++ } ++ ++ assert_int_equal(hash_keys(table, &count, &keys), HASH_SUCCESS); ++ for (unsigned int i = 0; i < count; ++i) { ++ assert_int_equal(keys[i].type, HASH_KEY_STRING); ++ value = sss_ptr_hash_lookup(table, keys[i].c_str, int); ++ assert_non_null(value); ++ sum += *value; ++ } ++ DEBUG(SSSDBG_TRACE_ALL, "sum of all values = %d\n", sum); ++ talloc_free(keys); ++} ++ ++/* main difference with `test_sss_ptr_hash_with_free_cb()` ++ * is that table cb here doesn't delete payload so ++ * this is requested via `free_value(s)` arg ++ */ ++void test_sss_ptr_hash_with_lookup_cb(void **state) ++{ ++ hash_table_t *table; ++ struct table_wrapper wrapper; ++ int *payloads[MAX_ENTRIES_AMOUNT]; ++ ++ wrapper.table = &table; ++ table = sss_ptr_hash_create(global_talloc_context, ++ lookup_cb, ++ &wrapper); ++ assert_non_null(table); ++ ++ populate_table(table, payloads); ++ ++ /* check explicit removal from the hash */ ++ sss_ptr_hash_delete(table, "2", true); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1); ++ ++ /* check implicit removal triggered by payload deletion */ ++ talloc_free(payloads[0]); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2); ++ ++ /* clear all */ ++ sss_ptr_hash_delete_all(table, true); ++ assert_int_equal((int)hash_count(table), 0); ++ 
/* teardown function shall verify there are no leaks ++ * on global_talloc_context and so that payloads[] were freed ++ */ ++ ++ /* check that table is still operable */ ++ populate_table(table, payloads); ++ ++ talloc_free(table); ++ /* d-tor triggers hash_destroy() but since cb here doesn free payload ++ * this should be done manually ++ */ ++ for (int i = 0; i < MAX_ENTRIES_AMOUNT; ++i) { ++ talloc_free(payloads[i]); ++ } ++} ++ ++/* Just smoke test to verify that absence of cb doesn't break anything */ ++void test_sss_ptr_hash_without_cb(void **state) ++{ ++ hash_table_t *table; ++ int *payloads[MAX_ENTRIES_AMOUNT]; ++ ++ table = sss_ptr_hash_create(global_talloc_context, NULL, NULL); ++ assert_non_null(table); ++ ++ populate_table(table, payloads); ++ ++ sss_ptr_hash_delete(table, "4", true); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1); ++ ++ talloc_free(payloads[1]); ++ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2); ++ ++ sss_ptr_hash_delete_all(table, true); ++ assert_int_equal((int)hash_count(table), 0); ++ ++ talloc_free(table); ++} +diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c +index 666f32903..c5eda4dd2 100644 +--- a/src/tests/cmocka/test_utils.c ++++ b/src/tests/cmocka/test_utils.c +@@ -2055,6 +2055,15 @@ int main(int argc, const char *argv[]) + cmocka_unit_test_setup_teardown(test_sss_get_domain_mappings_content, + setup_dom_list_with_subdomains, + teardown_dom_list), ++ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_with_free_cb, ++ setup_leak_tests, ++ teardown_leak_tests), ++ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_with_lookup_cb, ++ setup_leak_tests, ++ teardown_leak_tests), ++ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_without_cb, ++ setup_leak_tests, ++ teardown_leak_tests), + }; + + /* Set debug level to invalid value so we can decide if -d 0 was used. 
*/ +diff --git a/src/tests/cmocka/test_utils.h b/src/tests/cmocka/test_utils.h +index e93e0da25..44b9479f9 100644 +--- a/src/tests/cmocka/test_utils.h ++++ b/src/tests/cmocka/test_utils.h +@@ -33,4 +33,10 @@ void test_guid_blob_to_string_buf(void **state); + void test_get_last_x_chars(void **state); + void test_concatenate_string_array(void **state); + ++/* from src/tests/cmocka/test_sss_ptr_hash.c */ ++void test_sss_ptr_hash_with_free_cb(void **state); ++void test_sss_ptr_hash_with_lookup_cb(void **state); ++void test_sss_ptr_hash_without_cb(void **state); ++ ++ + #endif /* __TESTS__CMOCKA__TEST_UTILS_H__ */ +-- +2.20.1 + diff --git a/SOURCES/0024-Don-t-qualify-users-from-files-domain-when-default_d.patch b/SOURCES/0024-Don-t-qualify-users-from-files-domain-when-default_d.patch deleted file mode 100644 index c288f24..0000000 --- a/SOURCES/0024-Don-t-qualify-users-from-files-domain-when-default_d.patch +++ /dev/null 
@@ -1,119 +0,0 @@ -From 41da9ddfd084024ba9ca20b6d3c0b531c0473231 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Fri, 2 Aug 2019 12:07:51 +0200 -Subject: [PATCH] Don't qualify users from files domain when - default_domain_suffix is set -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Resolves: -https://pagure.io/SSSD/sssd/issue/4052 - -The files domain should always be non-qualified. The usual rules like -qualification of all domains except the one set with -default_domain_suffix should not apply. - -Reviewed-by: Michal Židek ---- - src/confdb/confdb.c | 7 ++++-- - src/man/sssd.conf.5.xml | 8 ++++++- - src/tests/intg/test_files_provider.py | 31 +++++++++++++++++++++++++++ - 3 files changed, 43 insertions(+), 3 deletions(-) - -diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c -index f6fdbc3aa..be65310dc 100644 ---- a/src/confdb/confdb.c -+++ b/src/confdb/confdb.c -@@ -1049,7 +1049,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, - - /* Determine if user/group names will be Fully Qualified - * in NSS interfaces */ -- if (default_domain != NULL) { -+ if (default_domain != NULL -+ && is_files_provider(domain) == false) { - DEBUG(SSSDBG_CONF_SETTINGS, - "Default domain suffix set. Changing default for " - "use_fully_qualified_names to True.\n"); -@@ -1064,7 +1065,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, - goto done; - } - -- if (default_domain != NULL && domain->fqnames == false) { -+ if (default_domain != NULL -+ && domain->fqnames == false -+ && is_files_provider(domain) == false) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Invalid configuration detected (default_domain_suffix is used " - "while use_fully_qualified_names was set to false).\n"); -diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml -index 304a6a170..c81012357 100644 ---- a/src/man/sssd.conf.5.xml -+++ b/src/man/sssd.conf.5.xml -@@ -412,7 +412,13 @@ - to log in. 
Setting this option changes default - of use_fully_qualified_names to True. It is not - allowed to use this option together with -- use_fully_qualified_names set to False. -+ use_fully_qualified_names set to False. One -+ exception from this rule are domains with -+ id_provider=files that always try -+ to match the behaviour of nss_files -+ and therefore their output is not -+ qualified even when the default_domain_suffix -+ option is used. - - - Default: not set -diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py -index 784bfa91f..9f3aad994 100644 ---- a/src/tests/intg/test_files_provider.py -+++ b/src/tests/intg/test_files_provider.py -@@ -310,6 +310,22 @@ def domain_resolution_order(request): - return None - - -+@pytest.fixture -+def default_domain_suffix(request): -+ conf = unindent("""\ -+ [sssd] -+ domains = files -+ services = nss -+ default_domain_suffix = foo -+ -+ [domain/files] -+ id_provider = files -+ """).format(**locals()) -+ create_conf_fixture(request, conf) -+ create_sssd_fixture(request) -+ return None -+ -+ - @pytest.fixture - def override_homedir_and_shell(request): - conf = unindent("""\ -@@ -1206,6 +1222,21 @@ def test_files_with_domain_resolution_order(add_user_with_canary, - check_user(USER1) - - -+def test_files_with_default_domain_suffix(add_user_with_canary, -+ default_domain_suffix): -+ """ -+ Test that when using domain_resolution_order the user won't be using -+ its fully-qualified name. -+ """ -+ ret = poll_canary(call_sssd_getpwuid, CANARY["uid"]) -+ if ret is False: -+ return NssReturnCode.NOTFOUND, None -+ -+ res, found_user = call_sssd_getpwuid(USER1["uid"]) -+ assert res == NssReturnCode.SUCCESS -+ assert found_user == USER1 -+ -+ - def test_files_with_override_homedir(add_user_with_canary, - override_homedir_and_shell): - res, user = sssd_getpwnam_sync(USER1["name"]) --- -2.20.1 - 
diff --git a/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch b/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch new file mode 100644 index 0000000..e31740a --- /dev/null +++ b/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch 
@@ -0,0 +1,86 @@ +From 7b647338a40d701c6a5bb51c48c10a31a6b72699 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 30 Jan 2020 13:14:14 +0100 +Subject: [PATCH 24/25] p11_child: check if card is present in wait_for_card() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some implementations of C_WaitForSlotEvent() might return even if no +card was inserted. So it has to be checked if a card is really present. + +Resolves: https://pagure.io/SSSD/sssd/issue/4159 + +Reviewed-by: Pavel Březina +--- + src/p11_child/p11_child_openssl.c | 47 ++++++++++++++++--------------- + 1 file changed, 25 insertions(+), 22 deletions(-) + +diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c +index 56601b117..295715612 100644 +--- a/src/p11_child/p11_child_openssl.c ++++ b/src/p11_child/p11_child_openssl.c +@@ -1546,35 +1546,38 @@ static errno_t wait_for_card(CK_FUNCTION_LIST *module, CK_SLOT_ID *slot_id) + CK_RV rv; + CK_SLOT_INFO info; + +- rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL); +- if (rv != CKR_OK) { +- if (rv != CKR_FUNCTION_NOT_SUPPORTED) { ++ do { ++ rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL); ++ if (rv != CKR_OK && rv != CKR_FUNCTION_NOT_SUPPORTED) { + DEBUG(SSSDBG_OP_FAILURE, + "C_WaitForSlotEvent failed [%lu][%s].\n", + rv, p11_kit_strerror(rv)); + return EIO; + } + +- /* Poor man's wait */ +- do { ++ if (rv == CKR_FUNCTION_NOT_SUPPORTED) { ++ /* Poor man's wait */ + sleep(10); +- rv = module->C_GetSlotInfo(*slot_id, &info); +- if (rv != CKR_OK) { +- DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n"); +- return EIO; +- } +- DEBUG(SSSDBG_TRACE_ALL, +- "Description [%s] Manufacturer [%s] flags [%lu] " +- "removable [%s] token present [%s].\n", +- info.slotDescription, info.manufacturerID, info.flags, +- (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false", +- (info.flags & CKF_TOKEN_PRESENT) ? 
"true": "false"); +- if ((info.flags & CKF_REMOVABLE_DEVICE) +- && (info.flags & CKF_TOKEN_PRESENT)) { +- break; +- } +- } while (true); +- } ++ } ++ ++ rv = module->C_GetSlotInfo(*slot_id, &info); ++ if (rv != CKR_OK) { ++ DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n"); ++ return EIO; ++ } ++ DEBUG(SSSDBG_TRACE_ALL, ++ "Description [%s] Manufacturer [%s] flags [%lu] " ++ "removable [%s] token present [%s].\n", ++ info.slotDescription, info.manufacturerID, info.flags, ++ (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false", ++ (info.flags & CKF_TOKEN_PRESENT) ? "true": "false"); ++ ++ /* Check if really a token is present */ ++ if ((info.flags & CKF_REMOVABLE_DEVICE) ++ && (info.flags & CKF_TOKEN_PRESENT)) { ++ break; ++ } ++ } while (true); + + return EOK; + } +-- +2.20.1 + diff --git a/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch b/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch new file mode 100644 index 0000000..0127ff5 --- /dev/null +++ b/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch 
@@ -0,0 +1,37 @@ +From 37780b895199bab991edae6b1eeb91b7b3966bcf Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 6 Feb 2020 14:50:23 +0100 +Subject: [PATCH 25/25] PAM client: only require UID 0 for private socket +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some privileged services like e.g. gdm might only call with UID 0 but +with a different GID. This patch removes the GID 0 requirement to access +to private PAM socket so that e.g. gdm can use the wait-for-card option. + +Resolves: https://pagure.io/SSSD/sssd/issue/4159 + +Reviewed-by: Pavel Březina +--- + src/sss_client/common.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/sss_client/common.c b/src/sss_client/common.c +index 270ca8b54..902438c86 100644 +--- a/src/sss_client/common.c ++++ b/src/sss_client/common.c +@@ -910,8 +910,8 @@ int sss_pam_make_request(enum sss_cli_command cmd, + goto out; + } + +- /* only root shall use the privileged pipe */ +- if (getuid() == 0 && getgid() == 0) { ++ /* only UID 0 shall use the privileged pipe */ ++ if (getuid() == 0) { + socket_name = SSS_PAM_PRIV_SOCKET_NAME; + errno = 0; + statret = stat(socket_name, &stat_buf); +-- +2.20.1 + diff --git a/SOURCES/0025-pam-fix-loop-in-Smartcard-authentication.patch b/SOURCES/0025-pam-fix-loop-in-Smartcard-authentication.patch deleted file mode 100644 index d193fb7..0000000 --- a/SOURCES/0025-pam-fix-loop-in-Smartcard-authentication.patch +++ /dev/null 
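Review bot: in 0024-p11_child-check-if-card-is-present-in-wait_for_card.patch, the rewritten loop in wait_for_card() goes straight back to C_WaitForSlotEvent() when CKF_TOKEN_PRESENT is not set, and sleep(10) is reached only on CKR_FUNCTION_NOT_SUPPORTED. A module that keeps returning CKR_OK with no card inserted, which is the case the commit message describes, turns this into a retry loop with no delay and no upper bound. Suggest a short back-off before retrying when no token is present, or a retry limit that returns an error. Separately, the DEBUG call prints info.slotDescription and info.manufacturerID with %s; PKCS#11 defines both fields as blank-padded and not NUL-terminated, so bounded formats such as %.64s and %.32s would be safer.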
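Review bot: in 0025-PAM-client-only-require-UID-0-for-private-socket.patch, dropping `getgid() == 0` in sss_pam_make_request() only changes which socket the client selects; the hunk shows nothing of what is checked on SSS_PAM_PRIV_SOCKET_NAME after the stat() call or on the responder side. Please confirm that neither of those still expects GID 0, and that access to the private socket is enforced by the socket's ownership and mode rather than by this client-side test. A sentence on that in the commit message would help, since the change widens the set of callers that take the privileged path.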
@@ -1,42 +0,0 @@ -From 5574de0f87e72d85547add9a48f9ac0def27f47d Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Fri, 2 Aug 2019 13:43:49 +0200 -Subject: [PATCH] pam: fix loop in Smartcard authentication - -If 'try_cert_auth' or 'require_cert_auth' options are used and a wrong -PIN is entered the PAM responder might end in an endless loop. This -patch uses a flag to avoid the loop and makes sure that during -authentication the error code causing the loop is not returned. - -Related to https://pagure.io/SSSD/sssd/issue/4051 - -Reviewed-by: Jakub Hrozek ---- - src/responder/pam/pamsrv_cmd.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c -index 89bdb78a1..72412204b 100644 ---- a/src/responder/pam/pamsrv_cmd.c -+++ b/src/responder/pam/pamsrv_cmd.c -@@ -814,6 +814,7 @@ static void pam_reply(struct pam_auth_req *preq) - pd->pam_status, pam_strerror(NULL, pd->pam_status)); - - if (pd->cmd == SSS_PAM_AUTHENTICATE -+ && !preq->cert_auth_local - && (pd->pam_status == PAM_AUTHINFO_UNAVAIL - || pd->pam_status == PAM_NO_MODULE_DATA - || pd->pam_status == PAM_BAD_ITEM) -@@ -1475,7 +1476,8 @@ static void pam_forwarder_cert_cb(struct tevent_req *req) - "No certificate found and no logon name given, " \ - "authentication not possible.\n"); - ret = ENOENT; -- } else if (pd->cli_flags & PAM_CLI_FLAGS_TRY_CERT_AUTH) { -+ } else if (pd->cmd == SSS_PAM_PREAUTH -+ && (pd->cli_flags & PAM_CLI_FLAGS_TRY_CERT_AUTH)) { - DEBUG(SSSDBG_TRACE_ALL, - "try_cert_auth flag set but no certificate available, " - "request finished.\n"); --- -2.20.1 - diff --git a/SOURCES/0026-SYSDB-Add-sysdb_search_with_ts_attr.patch b/SOURCES/0026-SYSDB-Add-sysdb_search_with_ts_attr.patch deleted file mode 100644 index e0d1c3c..0000000 --- a/SOURCES/0026-SYSDB-Add-sysdb_search_with_ts_attr.patch +++ /dev/null 
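Review bot: nothing in the import commit message says that sssd-2.2.3 already carries the fix being dropped with 0025-pam-fix-loop-in-Smartcard-authentication.patch. That patch added `&& !preq->cert_auth_local` to pam_reply() and limited the try_cert_auth branch in pam_forwarder_cert_cb() to SSS_PAM_PREAUTH, to stop the PAM responder looping after a wrong PIN. Please state in the changelog that both conditions are present in src/responder/pam/pamsrv_cmd.c of the new tarball, or keep the patch.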
@@ -1,592 +0,0 @@ -From f46afb46a1705d41e21451cd0adf6981936b21c1 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 28 May 2019 14:56:05 +0200 -Subject: [PATCH 26/48] SYSDB: Add sysdb_search_with_ts_attr - -Adds a new public sysdb call sysdb_search_with_ts_attr() that allows to -search on the timestamp cache attributes, but merge back persistent -cache attributes. The converse also works, when searching the persistent -cache the timestamp attributes or even entries matches only in the -timestamp cache are merged. - -What does not work is AND-ed complex filter that contains both -attributes from the timestamp cache and the persistent cache because -the searches use the same filter, which doesn't match. We would need to -decompose the filter ourselves. - -Because matching and merging the results can be time-consuming, two -flags are provided: - SYSDB_SEARCH_WITH_TS_ONLY_TS_FILTER that only searches the timestamp - cache, but merges back the corresponding entries from the persistent - cache - SYSDB_SEARCH_WITH_TS_ONLY_SYSDB_FILTER that only searches the - persistent cache but merges back the attributes from the timestamp - cache - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/db/sysdb.h | 12 ++ - src/db/sysdb_ops.c | 16 +- - src/db/sysdb_private.h | 10 ++ - src/db/sysdb_search.c | 231 +++++++++++++++++++++++-- - src/tests/cmocka/test_sysdb_ts_cache.c | 198 +++++++++++++++++++++ - 5 files changed, 446 insertions(+), 21 deletions(-) - -diff --git a/src/db/sysdb.h b/src/db/sysdb.h -index 89b0d9571..28801e030 100644 ---- a/src/db/sysdb.h -+++ b/src/db/sysdb.h -@@ -1181,6 +1181,18 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx, - size_t *msgs_count, - struct ldb_message ***msgs); - -+#define SYSDB_SEARCH_WITH_TS_ONLY_TS_FILTER 0x0001 -+#define SYSDB_SEARCH_WITH_TS_ONLY_SYSDB_FILTER 0x0002 -+ -+errno_t sysdb_search_with_ts_attr(TALLOC_CTX *mem_ctx, -+ struct sss_domain_info *domain, -+ struct ldb_dn *base_dn, -+ enum ldb_scope 
scope, -+ int optflags, -+ const char *filter, -+ const char *attrs[], -+ struct ldb_result **_result); -+ - int sysdb_search_users_by_timestamp(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *sub_filter, -diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c -index 59fb227a4..55ba62140 100644 ---- a/src/db/sysdb_ops.c -+++ b/src/db/sysdb_ops.c -@@ -261,14 +261,14 @@ done: - - /* =Search-Entry========================================================== */ - --static int sysdb_cache_search_entry(TALLOC_CTX *mem_ctx, -- struct ldb_context *ldb, -- struct ldb_dn *base_dn, -- enum ldb_scope scope, -- const char *filter, -- const char **attrs, -- size_t *_msgs_count, -- struct ldb_message ***_msgs) -+int sysdb_cache_search_entry(TALLOC_CTX *mem_ctx, -+ struct ldb_context *ldb, -+ struct ldb_dn *base_dn, -+ enum ldb_scope scope, -+ const char *filter, -+ const char **attrs, -+ size_t *_msgs_count, -+ struct ldb_message ***_msgs) - { - TALLOC_CTX *tmp_ctx; - struct ldb_result *res; -diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h -index 58544d826..53603b30e 100644 ---- a/src/db/sysdb_private.h -+++ b/src/db/sysdb_private.h -@@ -252,6 +252,16 @@ errno_t sysdb_merge_msg_list_ts_attrs(struct sysdb_ctx *ctx, - struct ldb_result *sss_merge_ldb_results(struct ldb_result *res, - struct ldb_result *subres); - -+/* Search Entry in an ldb cache */ -+int sysdb_cache_search_entry(TALLOC_CTX *mem_ctx, -+ struct ldb_context *ldb, -+ struct ldb_dn *base_dn, -+ enum ldb_scope scope, -+ const char *filter, -+ const char **attrs, -+ size_t *_msgs_count, -+ struct ldb_message ***_msgs); -+ - /* Search Entry in the timestamp cache */ - int sysdb_search_ts_entry(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, -diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c -index f0918bf9a..a71c43112 100644 ---- a/src/db/sysdb_search.c -+++ b/src/db/sysdb_search.c -@@ -68,6 +68,29 @@ static errno_t merge_ts_attr(struct ldb_message *ts_msg, - return EOK; - } - 
-+static errno_t merge_all_ts_attrs(struct ldb_message *ts_msg, -+ struct ldb_message *sysdb_msg, -+ const char *want_attrs[]) -+{ -+ int ret; -+ -+ /* Deliberately start from 2 in order to not merge -+ * objectclass/objectcategory and avoid breaking MPGs where the OC might -+ * be made up -+ */ -+ for (size_t c = 2; sysdb_ts_cache_attrs[c]; c++) { -+ ret = merge_ts_attr(ts_msg, sysdb_msg, -+ sysdb_ts_cache_attrs[c], want_attrs); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Cannot merge ts attr %s\n", sysdb_ts_cache_attrs[c]); -+ return ret; -+ } -+ } -+ -+ return EOK; -+} -+ - static errno_t merge_msg_ts_attrs(struct sysdb_ctx *sysdb, - struct ldb_message *sysdb_msg, - const char *attrs[]) -@@ -114,21 +137,46 @@ static errno_t merge_msg_ts_attrs(struct sysdb_ctx *sysdb, - return EIO; - } - -- /* Deliberately start from 2 in order to not merge -- * objectclass/objectcategory and avoid breaking MPGs where the OC might -- * be made up -- */ -- for (size_t c = 2; sysdb_ts_cache_attrs[c]; c++) { -- ret = merge_ts_attr(ts_msgs[0], sysdb_msg, -- sysdb_ts_cache_attrs[c], attrs); -- if (ret != EOK) { -- DEBUG(SSSDBG_MINOR_FAILURE, -- "Cannot merge ts attr %s\n", sysdb_ts_cache_attrs[c]); -- goto done; -- } -+ ret = merge_all_ts_attrs(ts_msgs[0], sysdb_msg, attrs); -+done: -+ talloc_zfree(tmp_ctx); -+ return ret; -+} -+ -+static errno_t merge_msg_sysdb_attrs(TALLOC_CTX *mem_ctx, -+ struct sysdb_ctx *sysdb, -+ struct ldb_message *ts_msg, -+ struct ldb_message **_sysdb_msg, -+ const char *attrs[]) -+{ -+ errno_t ret; -+ TALLOC_CTX *tmp_ctx; -+ size_t msgs_count; -+ struct ldb_message **sysdb_msgs; -+ -+ tmp_ctx = talloc_new(NULL); -+ if (tmp_ctx == NULL) { -+ return ENOMEM; - } - -- ret = EOK; -+ ret = sysdb_cache_search_entry(tmp_ctx, sysdb->ldb, ts_msg->dn, LDB_SCOPE_BASE, -+ NULL, attrs, &msgs_count, &sysdb_msgs); -+ if (ret != EOK) { -+ goto done; -+ } -+ -+ if (msgs_count != 1) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ "Expected 1 result for base search, got %zu\n", 
msgs_count); -+ goto done; -+ } -+ -+ ret = merge_all_ts_attrs(ts_msg, sysdb_msgs[0], attrs); -+ if (ret != EOK) { -+ goto done; -+ } -+ -+ *_sysdb_msg = talloc_steal(mem_ctx, sysdb_msgs[0]); - done: - talloc_zfree(tmp_ctx); - return ret; -@@ -166,6 +214,50 @@ errno_t sysdb_merge_res_ts_attrs(struct sysdb_ctx *ctx, - return EOK; - } - -+static errno_t merge_res_sysdb_attrs(TALLOC_CTX *mem_ctx, -+ struct sysdb_ctx *ctx, -+ struct ldb_result *ts_res, -+ struct ldb_result **_ts_cache_res, -+ const char *attrs[]) -+{ -+ errno_t ret; -+ struct ldb_result *ts_cache_res = NULL; -+ -+ if (ts_res == NULL || ctx->ldb_ts == NULL) { -+ return EOK; -+ } -+ -+ ts_cache_res = talloc_zero(mem_ctx, struct ldb_result); -+ if (ts_cache_res == NULL) { -+ return ENOMEM; -+ } -+ ts_cache_res->count = ts_res->count; -+ ts_cache_res->msgs = talloc_zero_array(ts_cache_res, -+ struct ldb_message *, -+ ts_res->count); -+ if (ts_cache_res->msgs == NULL) { -+ talloc_free(ts_cache_res); -+ return ENOMEM; -+ } -+ -+ for (size_t c = 0; c < ts_res->count; c++) { -+ ret = merge_msg_sysdb_attrs(ts_cache_res->msgs, -+ ctx, -+ ts_res->msgs[c], -+ &ts_cache_res->msgs[c], attrs); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Cannot merge sysdb cache values for %s\n", -+ ldb_dn_get_linearized(ts_res->msgs[c]->dn)); -+ /* non-fatal, we just get only the non-timestamp attrs */ -+ continue; -+ } -+ } -+ -+ *_ts_cache_res = ts_cache_res; -+ return EOK; -+} -+ - errno_t sysdb_merge_msg_list_ts_attrs(struct sysdb_ctx *ctx, - size_t msgs_count, - struct ldb_message **msgs, -@@ -543,6 +635,119 @@ done: - return ret; - } - -+errno_t sysdb_search_with_ts_attr(TALLOC_CTX *mem_ctx, -+ struct sss_domain_info *domain, -+ struct ldb_dn *base_dn, -+ enum ldb_scope scope, -+ int optflags, -+ const char *filter, -+ const char *attrs[], -+ struct ldb_result **_res) -+{ -+ TALLOC_CTX *tmp_ctx = NULL; -+ struct ldb_result *res; -+ errno_t ret; -+ struct ldb_message **ts_msgs = NULL; -+ struct ldb_result 
*ts_cache_res = NULL; -+ size_t ts_count; -+ -+ if (filter == NULL) { -+ return EINVAL; -+ } -+ -+ tmp_ctx = talloc_new(NULL); -+ if (tmp_ctx == NULL) { -+ return ENOMEM; -+ } -+ -+ res = talloc_zero(tmp_ctx, struct ldb_result); -+ if (res == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ if (optflags & SYSDB_SEARCH_WITH_TS_ONLY_SYSDB_FILTER) { -+ /* We only care about searching the persistent db */ -+ ts_cache_res = talloc_zero(tmp_ctx, struct ldb_result); -+ if (ts_cache_res == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ ts_cache_res->count = 0; -+ ts_cache_res->msgs = NULL; -+ } else { -+ /* Because the timestamp database does not contain all the -+ * attributes, we need to search the persistent db for each -+ * of the entries found and merge the results -+ */ -+ struct ldb_result ts_res; -+ -+ /* We assume that some of the attributes are more up-to-date in -+ * timestamps db and we're supposed to search by them, so let's -+ * first search the timestamp db -+ */ -+ ret = sysdb_search_ts_entry(tmp_ctx, domain->sysdb, base_dn, -+ scope, filter, attrs, -+ &ts_count, &ts_msgs); -+ if (ret == ENOENT) { -+ ts_count = 0; -+ } else if (ret != EOK) { -+ goto done; -+ } -+ -+ memset(&ts_res, 0, sizeof(struct ldb_result)); -+ ts_res.count = ts_count; -+ ts_res.msgs = ts_msgs; -+ -+ /* Overlay the results from the main cache with the ts attrs */ -+ ret = merge_res_sysdb_attrs(tmp_ctx, -+ domain->sysdb, -+ &ts_res, -+ &ts_cache_res, -+ attrs); -+ if (ret != EOK) { -+ goto done; -+ } -+ } -+ -+ if (optflags & SYSDB_SEARCH_WITH_TS_ONLY_TS_FILTER) { -+ /* The filter only contains timestamp attrs, no need to search the -+ * persistent db -+ */ -+ if (ts_cache_res) { -+ res->count = ts_cache_res->count; -+ res->msgs = talloc_steal(res, ts_cache_res->msgs); -+ } -+ } else { -+ /* Because some of the attributes being searched might exist in the persistent -+ * database only, we also search the persistent db -+ */ -+ size_t count; -+ -+ ret = sysdb_search_entry(res, 
domain->sysdb, base_dn, scope, -+ filter, attrs, &count, &res->msgs); -+ if (ret == ENOENT) { -+ res->count = 0; -+ } else if (ret != EOK) { -+ goto done; -+ } -+ res->count = count; /* Just to cleanly assign size_t to unsigned */ -+ -+ res = sss_merge_ldb_results(res, ts_cache_res); -+ if (res == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ } -+ -+ *_res = talloc_steal(mem_ctx, res); -+ ret = EOK; -+ -+done: -+ talloc_zfree(tmp_ctx); -+ return ret; -+} -+ - static errno_t sysdb_enum_dn_filter(TALLOC_CTX *mem_ctx, - struct ldb_result *ts_res, - const char *name_filter, -diff --git a/src/tests/cmocka/test_sysdb_ts_cache.c b/src/tests/cmocka/test_sysdb_ts_cache.c -index fdf9935da..d2296d1b8 100644 ---- a/src/tests/cmocka/test_sysdb_ts_cache.c -+++ b/src/tests/cmocka/test_sysdb_ts_cache.c -@@ -1411,6 +1411,201 @@ static void test_sysdb_zero_now(void **state) - assert_true(cache_expire_ts > TEST_CACHE_TIMEOUT); - } - -+static void test_sysdb_search_with_ts(void **state) -+{ -+ int ret; -+ struct sysdb_ts_test_ctx *test_ctx = talloc_get_type_abort(*state, -+ struct sysdb_ts_test_ctx); -+ struct ldb_result *res = NULL; -+ struct ldb_dn *base_dn; -+ const char *attrs[] = { SYSDB_NAME, -+ SYSDB_OBJECTCATEGORY, -+ SYSDB_GIDNUM, -+ SYSDB_CACHE_EXPIRE, -+ NULL }; -+ struct sysdb_attrs *group_attrs = NULL; -+ char *filter; -+ uint64_t cache_expire_sysdb; -+ uint64_t cache_expire_ts; -+ size_t count; -+ struct ldb_message **msgs; -+ -+ base_dn = sysdb_base_dn(test_ctx->tctx->dom->sysdb, test_ctx); -+ assert_non_null(base_dn); -+ -+ /* Nothing must be stored in either cache at the beginning of the test */ -+ ret = sysdb_search_with_ts_attr(test_ctx, -+ test_ctx->tctx->dom, -+ base_dn, -+ LDB_SCOPE_SUBTREE, -+ 0, -+ SYSDB_NAME"=*", -+ attrs, -+ &res); -+ assert_int_equal(ret, EOK); -+ assert_int_equal(res->count, 0); -+ talloc_free(res); -+ -+ group_attrs = create_modstamp_attrs(test_ctx, TEST_MODSTAMP_1); -+ assert_non_null(group_attrs); -+ -+ ret = 
sysdb_store_group(test_ctx->tctx->dom, -+ TEST_GROUP_NAME, -+ TEST_GROUP_GID, -+ group_attrs, -+ TEST_CACHE_TIMEOUT, -+ TEST_NOW_1); -+ assert_int_equal(ret, EOK); -+ talloc_zfree(group_attrs); -+ -+ group_attrs = create_modstamp_attrs(test_ctx, TEST_MODSTAMP_1); -+ assert_non_null(group_attrs); -+ -+ ret = sysdb_store_group(test_ctx->tctx->dom, -+ TEST_GROUP_NAME_2, -+ TEST_GROUP_GID_2, -+ group_attrs, -+ TEST_CACHE_TIMEOUT, -+ TEST_NOW_2); -+ assert_int_equal(ret, EOK); -+ talloc_zfree(group_attrs); -+ -+ /* Bump the timestamps in the cache so that the ts cache -+ * and sysdb differ -+ */ -+ -+ group_attrs = create_modstamp_attrs(test_ctx, TEST_MODSTAMP_1); -+ assert_non_null(group_attrs); -+ -+ ret = sysdb_store_group(test_ctx->tctx->dom, -+ TEST_GROUP_NAME, -+ TEST_GROUP_GID, -+ group_attrs, -+ TEST_CACHE_TIMEOUT, -+ TEST_NOW_3); -+ assert_int_equal(ret, EOK); -+ -+ talloc_zfree(group_attrs); -+ -+ -+ group_attrs = create_modstamp_attrs(test_ctx, TEST_MODSTAMP_1); -+ assert_non_null(group_attrs); -+ -+ ret = sysdb_store_group(test_ctx->tctx->dom, -+ TEST_GROUP_NAME_2, -+ TEST_GROUP_GID_2, -+ group_attrs, -+ TEST_CACHE_TIMEOUT, -+ TEST_NOW_4); -+ assert_int_equal(ret, EOK); -+ -+ talloc_zfree(group_attrs); -+ -+ get_gr_timestamp_attrs(test_ctx, TEST_GROUP_NAME, -+ &cache_expire_sysdb, &cache_expire_ts); -+ assert_int_equal(cache_expire_sysdb, TEST_CACHE_TIMEOUT + TEST_NOW_1); -+ assert_int_equal(cache_expire_ts, TEST_CACHE_TIMEOUT + TEST_NOW_3); -+ -+ get_gr_timestamp_attrs(test_ctx, TEST_GROUP_NAME_2, -+ &cache_expire_sysdb, &cache_expire_ts); -+ assert_int_equal(cache_expire_sysdb, TEST_CACHE_TIMEOUT + TEST_NOW_2); -+ assert_int_equal(cache_expire_ts, TEST_CACHE_TIMEOUT + TEST_NOW_4); -+ -+ /* Search for groups that don't expire until TEST_NOW_4 */ -+ filter = talloc_asprintf(test_ctx, SYSDB_CACHE_EXPIRE">=%d", TEST_NOW_4); -+ assert_non_null(filter); -+ -+ /* This search should yield only one group (so, it needs to search the ts -+ * cache to hit the 
TEST_NOW_4), but should return attributes merged from -+ * both caches -+ */ -+ ret = sysdb_search_with_ts_attr(test_ctx, -+ test_ctx->tctx->dom, -+ base_dn, -+ LDB_SCOPE_SUBTREE, -+ 0, -+ filter, -+ attrs, -+ &res); -+ assert_int_equal(ret, EOK); -+ assert_int_equal(res->count, 1); -+ assert_int_equal(TEST_GROUP_GID_2, ldb_msg_find_attr_as_uint64(res->msgs[0], -+ SYSDB_GIDNUM, 0)); -+ talloc_free(res); -+ -+ /* -+ * In contrast, sysdb_search_entry merges the timestamp attributes, but does -+ * not search the timestamp cache -+ */ -+ ret = sysdb_search_entry(test_ctx, -+ test_ctx->tctx->dom->sysdb, -+ base_dn, -+ LDB_SCOPE_SUBTREE, -+ filter, -+ attrs, -+ &count, -+ &msgs); -+ assert_int_equal(ret, ENOENT); -+ -+ /* Should get the same result when searching by ts attrs only */ -+ ret = sysdb_search_with_ts_attr(test_ctx, -+ test_ctx->tctx->dom, -+ base_dn, -+ LDB_SCOPE_SUBTREE, -+ SYSDB_SEARCH_WITH_TS_ONLY_TS_FILTER, -+ filter, -+ attrs, -+ &res); -+ talloc_zfree(filter); -+ assert_int_equal(ret, EOK); -+ assert_int_equal(res->count, 1); -+ assert_int_equal(TEST_GROUP_GID_2, ldb_msg_find_attr_as_uint64(res->msgs[0], -+ SYSDB_GIDNUM, 0)); -+ talloc_free(res); -+ -+ /* We can also search in sysdb only as well, we should get back ts attrs */ -+ filter = talloc_asprintf(test_ctx, SYSDB_GIDNUM"=%d", TEST_GROUP_GID); -+ assert_non_null(filter); -+ -+ ret = sysdb_search_with_ts_attr(test_ctx, -+ test_ctx->tctx->dom, -+ base_dn, -+ LDB_SCOPE_SUBTREE, -+ SYSDB_SEARCH_WITH_TS_ONLY_SYSDB_FILTER, -+ filter, -+ attrs, -+ &res); -+ talloc_zfree(filter); -+ assert_int_equal(ret, EOK); -+ assert_int_equal(res->count, 1); -+ assert_int_equal(TEST_GROUP_GID, ldb_msg_find_attr_as_uint64(res->msgs[0], -+ SYSDB_GIDNUM, 0)); -+ assert_int_equal(TEST_CACHE_TIMEOUT + TEST_NOW_3, -+ ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_CACHE_EXPIRE, 0)); -+ talloc_free(res); -+ -+ /* We can also search in both using an OR-filter. 
Note that an AND-filter is not possible -+ * unless we deconstruct the filter.. -+ */ -+ filter = talloc_asprintf(test_ctx, "(|("SYSDB_GIDNUM"=%d)" -+ "("SYSDB_CACHE_EXPIRE">=%d))", -+ TEST_GROUP_GID, TEST_NOW_4); -+ assert_non_null(filter); -+ -+ ret = sysdb_search_with_ts_attr(test_ctx, -+ test_ctx->tctx->dom, -+ base_dn, -+ LDB_SCOPE_SUBTREE, -+ 0, -+ filter, -+ attrs, -+ &res); -+ talloc_zfree(filter); -+ assert_int_equal(ret, EOK); -+ assert_int_equal(res->count, 2); -+ talloc_free(res); -+} -+ - int main(int argc, const char *argv[]) - { - int rv; -@@ -1462,6 +1657,9 @@ int main(int argc, const char *argv[]) - cmocka_unit_test_setup_teardown(test_sysdb_zero_now, - test_sysdb_ts_setup, - test_sysdb_ts_teardown), -+ cmocka_unit_test_setup_teardown(test_sysdb_search_with_ts, -+ test_sysdb_ts_setup, -+ test_sysdb_ts_teardown), - }; - - /* Set debug level to invalid value so we can decide if -d 0 was used. */ --- -2.20.1 - diff --git a/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch b/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch new file mode 100644 index 0000000..3901ba0 --- /dev/null +++ b/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch 
@@ -0,0 +1,209 @@ +From f9b3c0d1009da8d8dbe273c38d6725100789e57b Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 8 Jan 2020 13:46:22 +0100 +Subject: [PATCH 26/27] ssh: do not mix different certificate lists +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There was a list of binary certificates and a list with base64 encoded +ones which might be different depending on the active matching rules. +Only the base64 one with the filtered results should be used. + +Related to https://pagure.io/SSSD/sssd/issue/4121 + +Reviewed-by: Tomáš Halman +--- + src/tests/cmocka/test_cert_utils.c | 80 +++++++++++++++++++++++++++ + src/util/cert.h | 3 + + src/util/cert/cert_common.c | 20 +++++++ + src/util/cert/cert_common_p11_child.c | 12 ++-- + 4 files changed, 108 insertions(+), 7 deletions(-) + +diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c +index 325e49f00..c2c9ca270 100644 +--- a/src/tests/cmocka/test_cert_utils.c ++++ b/src/tests/cmocka/test_cert_utils.c +@@ -711,6 +711,84 @@ void test_cert_to_ssh_2keys_with_certmap_send(void **state) + talloc_free(ev); + } + ++void test_cert_to_ssh_2keys_with_certmap_2_done(struct tevent_req *req) ++{ ++ int ret; ++ struct test_state *ts = tevent_req_callback_data(req, struct test_state); ++ struct ldb_val *keys; ++ uint8_t *exp_key; ++ size_t exp_key_size; ++ size_t valid_keys; ++ ++ assert_non_null(ts); ++ ts->done = true; ++ ++ ret = cert_to_ssh_key_recv(req, ts, &keys, &valid_keys); ++ talloc_free(req); ++ assert_int_equal(ret, 0); ++ assert_non_null(keys[0].data); ++ assert_int_equal(valid_keys, 1); ++ ++ exp_key = sss_base64_decode(ts, SSSD_TEST_CERT_SSH_KEY_0002, &exp_key_size); ++ assert_non_null(exp_key); ++ assert_int_equal(keys[0].length, exp_key_size); ++ assert_memory_equal(keys[0].data, exp_key, exp_key_size); ++ talloc_free(exp_key); ++ ++ talloc_free(keys); ++ sss_certmap_free_ctx(ts->sss_certmap_ctx); ++} ++ ++void 
test_cert_to_ssh_2keys_with_certmap_2_send(void **state) ++{ ++ int ret; ++ struct tevent_context *ev; ++ struct tevent_req *req; ++ struct ldb_val val[2]; ++ ++ struct test_state *ts = talloc_get_type_abort(*state, struct test_state); ++ assert_non_null(ts); ++ ts->done = false; ++ ++ ret = sss_certmap_init(ts, NULL, NULL, &ts->sss_certmap_ctx); ++ assert_int_equal(ret, EOK); ++ ++ ret = sss_certmap_add_rule(ts->sss_certmap_ctx, -1, ++ "CN=SSSD test cert 0002,.*", NULL, ++ NULL); ++ assert_int_equal(ret, EOK); ++ ++ val[0].data = sss_base64_decode(ts, SSSD_TEST_CERT_0001, ++ &val[0].length); ++ assert_non_null(val[0].data); ++ ++ val[1].data = sss_base64_decode(ts, SSSD_TEST_CERT_0002, ++ &val[1].length); ++ assert_non_null(val[1].data); ++ ++ ev = tevent_context_init(ts); ++ assert_non_null(ev); ++ ++ req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT, ++#ifdef HAVE_NSS ++ "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb", ++#else ++ ABS_BUILD_DIR "/src/tests/test_CA/SSSD_test_CA.pem", ++#endif ++ ts->sss_certmap_ctx, 2, &val[0], NULL); ++ assert_non_null(req); ++ ++ tevent_req_set_callback(req, test_cert_to_ssh_2keys_with_certmap_2_done, ts); ++ ++ while (!ts->done) { ++ tevent_loop_once(ev); ++ } ++ ++ talloc_free(val[0].data); ++ talloc_free(val[1].data); ++ talloc_free(ev); ++} ++ + int main(int argc, const char *argv[]) + { + poptContext pc; +@@ -746,6 +824,8 @@ int main(int argc, const char *argv[]) + setup, teardown), + cmocka_unit_test_setup_teardown(test_cert_to_ssh_2keys_with_certmap_send, + setup, teardown), ++ cmocka_unit_test_setup_teardown(test_cert_to_ssh_2keys_with_certmap_2_send, ++ setup, teardown), + #endif + }; + +diff --git a/src/util/cert.h b/src/util/cert.h +index e0d44e3d6..d038a99f6 100644 +--- a/src/util/cert.h ++++ b/src/util/cert.h +@@ -52,6 +52,9 @@ errno_t get_ssh_key_from_cert(TALLOC_CTX *mem_ctx, + uint8_t *der_blob, size_t der_size, + uint8_t **key_blob, size_t *key_size); + ++errno_t get_ssh_key_from_derb64(TALLOC_CTX 
*mem_ctx, const char *derb64, ++ uint8_t **key_blob, size_t *key_size); ++ + struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + int child_debug_fd, time_t timeout, +diff --git a/src/util/cert/cert_common.c b/src/util/cert/cert_common.c +index 766877089..511fddd4d 100644 +--- a/src/util/cert/cert_common.c ++++ b/src/util/cert/cert_common.c +@@ -206,3 +206,23 @@ done: + + return ret; + } ++ ++errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64, ++ uint8_t **key_blob, size_t *key_size) ++{ ++ int ret; ++ uint8_t *der_blob; ++ size_t der_size; ++ ++ der_blob = sss_base64_decode(mem_ctx, derb64, &der_size); ++ if (der_blob == NULL) { ++ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n"); ++ return EIO; ++ } ++ ++ ret = get_ssh_key_from_cert(mem_ctx, der_blob, der_size, ++ key_blob, key_size); ++ talloc_free(der_blob); ++ ++ return ret; ++} +diff --git a/src/util/cert/cert_common_p11_child.c b/src/util/cert/cert_common_p11_child.c +index 80c10eff1..1846ff89a 100644 +--- a/src/util/cert/cert_common_p11_child.c ++++ b/src/util/cert/cert_common_p11_child.c +@@ -28,7 +28,6 @@ struct cert_to_ssh_key_state { + time_t timeout; + const char **extra_args; + const char **certs; +- struct ldb_val *bin_certs; + struct ldb_val *keys; + size_t cert_count; + size_t iter; +@@ -74,7 +73,6 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, + state->child_debug_fd = (child_debug_fd == -1) ? 
STDERR_FILENO + : child_debug_fd; + state->timeout = timeout; +- state->bin_certs = bin_certs; + state->io = talloc(state, struct child_io_fds); + if (state->io == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc failed.\n"); +@@ -138,6 +136,7 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, + ret = EINVAL; + goto done; + } ++ + state->cert_count++; + } + +@@ -289,11 +288,10 @@ static void cert_to_ssh_key_done(int child_status, + if (valid) { + DEBUG(SSSDBG_TRACE_LIBS, "Certificate [%s] is valid.\n", + state->certs[state->iter]); +- ret = get_ssh_key_from_cert(state->keys, +- state->bin_certs[state->iter].data, +- state->bin_certs[state->iter].length, +- &state->keys[state->iter].data, +- &state->keys[state->iter].length); ++ ret = get_ssh_key_from_derb64(state->keys, ++ state->certs[state->iter], ++ &state->keys[state->iter].data, ++ &state->keys[state->iter].length); + if (ret == EOK) { + state->valid_keys++; + } else { +-- +2.20.1 + diff --git a/SOURCES/0027-BE-search-with-sysdb_search_with_ts_attr.patch b/SOURCES/0027-BE-search-with-sysdb_search_with_ts_attr.patch deleted file mode 100644 index c65ca44..0000000 --- a/SOURCES/0027-BE-search-with-sysdb_search_with_ts_attr.patch +++ /dev/null 
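Review bot: in 0026-ssh-do-not-mix-different-certificate-lists.patch, get_ssh_key_from_derb64() is added to cert.h without a comment on who owns key_blob, and in cert_common.c it passes derb64 to sss_base64_decode() unchecked and reports every decode failure as EIO. Suggest returning EINVAL for a NULL or undecodable input and documenting that key_blob is allocated on mem_ctx. In test_cert_to_ssh_2keys_with_certmap_2_done() the `assert_non_null(keys[0].data)` line runs before `assert_int_equal(valid_keys, 1)`; checking valid_keys first makes a filtering regression fail on the meaningful assertion. The hunk at `state->cert_count++` in cert_to_ssh_key_send() only adds a blank line and can be dropped.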
@@ -1,69 +0,0 @@ -From a5cd021e92695ccf45be92e5b05394f46ccebd2e Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 28 May 2019 14:56:15 +0200 -Subject: [PATCH 27/48] BE: search with sysdb_search_with_ts_attr - -Previously, the background refresh code had used sysdb_search_entry() -which does not run the search on the timestamp cache. Instead, this -patch changes to using sysdb_search_with_ts_attr with the -SYSDB_SEARCH_WITH_TS_ONLY_TS_FILTER optimization because currently only -the dataExpireTimestamp attribute is included in the filter. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 19 +++++++++---------- - 1 file changed, 9 insertions(+), 10 deletions(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index e8cf5da75..c6bb66b68 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -40,9 +40,8 @@ static errno_t be_refresh_get_values_ex(TALLOC_CTX *mem_ctx, - const char *attrs[] = {attr, NULL}; - const char *filter = NULL; - char **values = NULL; -- struct ldb_message **msgs = NULL; - struct sysdb_attrs **records = NULL; -- size_t count; -+ struct ldb_result *res; - time_t now = time(NULL); - errno_t ret; - -@@ -58,23 +57,23 @@ static errno_t be_refresh_get_values_ex(TALLOC_CTX *mem_ctx, - goto done; - } - -- ret = sysdb_search_entry(tmp_ctx, domain->sysdb, base_dn, -- LDB_SCOPE_SUBTREE, filter, attrs, -- &count, &msgs); -- if (ret == ENOENT) { -- count = 0; -- } else if (ret != EOK) { -+ ret = sysdb_search_with_ts_attr(tmp_ctx, domain, base_dn, -+ LDB_SCOPE_SUBTREE, -+ SYSDB_SEARCH_WITH_TS_ONLY_TS_FILTER, -+ filter, attrs, -+ &res); -+ if (ret != EOK) { - goto done; - } - -- ret = sysdb_msg2attrs(tmp_ctx, count, msgs, &records); -+ ret = sysdb_msg2attrs(tmp_ctx, res->count, res->msgs, &records); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Could not convert ldb message to sysdb_attrs\n"); - goto done; - } - -- ret = 
sysdb_attrs_to_list(tmp_ctx, records, count, attr, &values); -+ ret = sysdb_attrs_to_list(tmp_ctx, records, res->count, attr, &values); - if (ret != EOK) { - goto done; - } --- -2.20.1 - diff --git a/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch b/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch new file mode 100644 index 0000000..32bacee --- /dev/null +++ b/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch 
@@ -0,0 +1,314 @@ +From 849d495ea948e75ecb4ea469c9f8db4a740a2377 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 7 Feb 2020 20:32:45 +0100 +Subject: [PATCH 27/27] ssh: add 'no_rules' and 'all_rules' to + ssh_use_certificate_matching_rules +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +To make ssh_use_certificate_matching_rules option more flexible and +predictable the keywords 'all_rules' and 'no_rules' are added. +'no_rules' can be used to allow all certificates. + +If rules names are given but no matching rules can be found this is +considered an error and no ssh keys will be derived from the +certificates. + +Related to https://pagure.io/SSSD/sssd/issue/4121 + +Reviewed-by: Tomáš Halman +--- + src/man/sssd.conf.5.xml | 16 +++-- + src/responder/ssh/ssh_cmd.c | 33 ++++++--- + src/responder/ssh/ssh_private.h | 1 + + src/responder/ssh/ssh_reply.c | 8 +++ + src/tests/cmocka/test_ssh_srv.c | 122 +++++++++++++++++++++++++++++++- + 5 files changed, 165 insertions(+), 15 deletions(-) + +diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml +index ef07c43d3..f71fbf4aa 100644 +--- a/src/man/sssd.conf.5.xml ++++ b/src/man/sssd.conf.5.xml +@@ -1760,12 +1760,20 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2 + will be ignored. + + +- If a non-existing rule name is given all rules will +- be ignored and all available certificates will be +- used to derive ssh keys. ++ There are two special key words 'all_rules' and ++ 'no_rules' which will enable all or no rules, ++ respectively. The latter means that no certificates ++ will be filtered out and ssh keys will be generated ++ from all valid certificates. + + +- Default: not set, all found rules are used ++ A non-existing rule name is considered an error. ++ If as a result no rule is selected all certificates ++ will be ignored. 
++ ++ ++ Default: not set, equivalent to 'all_rules, ++ all found rules are used + + + +diff --git a/src/responder/ssh/ssh_cmd.c b/src/responder/ssh/ssh_cmd.c +index 09f9b73b6..d1e7c667b 100644 +--- a/src/responder/ssh/ssh_cmd.c ++++ b/src/responder/ssh/ssh_cmd.c +@@ -157,10 +157,26 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + size_t c; + int ret; + bool rule_added; ++ bool all_rules = false; ++ bool no_rules = false; ++ ++ ssh_ctx->cert_rules_error = false; ++ ++ if (ssh_ctx->cert_rules == NULL || ssh_ctx->cert_rules[0] == NULL) { ++ all_rules = true; ++ } else if (ssh_ctx->cert_rules[0] != NULL ++ && ssh_ctx->cert_rules[1] == NULL) { ++ if (strcmp(ssh_ctx->cert_rules[0], "all_rules") == 0) { ++ all_rules = true; ++ } else if (strcmp(ssh_ctx->cert_rules[0], "no_rules") == 0) { ++ no_rules = true; ++ } ++ } + + if (!ssh_ctx->use_cert_keys + || ssh_ctx->certmap_last_read +- >= ssh_ctx->rctx->get_domains_last_call.tv_sec) { ++ >= ssh_ctx->rctx->get_domains_last_call.tv_sec ++ || no_rules) { + DEBUG(SSSDBG_TRACE_ALL, "No certmap update needed.\n"); + return EOK; + } +@@ -180,9 +196,8 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + + for (c = 0; certmap_list[c] != NULL; c++) { + +- if (ssh_ctx->cert_rules != NULL +- && !string_in_list(certmap_list[c]->name, +- ssh_ctx->cert_rules, true)) { ++ if (!all_rules && !string_in_list(certmap_list[c]->name, ++ ssh_ctx->cert_rules, true)) { + DEBUG(SSSDBG_TRACE_ALL, "Skipping matching rule [%s], it is " + "not listed in the ssh_use_certificate_matching_rules " + "option.\n", certmap_list[c]->name); +@@ -212,11 +227,12 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + } + + if (!rule_added) { +- DEBUG(SSSDBG_TRACE_ALL, +- "No matching rule added, all certificates will be used.\n"); ++ DEBUG(SSSDBG_CONF_SETTINGS, ++ "No matching rule added, please check " ++ "ssh_use_certificate_matching_rules option values for typos .\n"); + +- 
sss_certmap_free_ctx(sss_certmap_ctx); +- sss_certmap_ctx = NULL; ++ ret = EINVAL; ++ goto done; + } + + ret = EOK; +@@ -228,6 +244,7 @@ done: + ssh_ctx->certmap_last_read = ssh_ctx->rctx->get_domains_last_call.tv_sec; + } else { + sss_certmap_free_ctx(sss_certmap_ctx); ++ ssh_ctx->cert_rules_error = true; + } + + return ret; +diff --git a/src/responder/ssh/ssh_private.h b/src/responder/ssh/ssh_private.h +index 76a1aead3..028ccd616 100644 +--- a/src/responder/ssh/ssh_private.h ++++ b/src/responder/ssh/ssh_private.h +@@ -40,6 +40,7 @@ struct ssh_ctx { + time_t certmap_last_read; + struct sss_certmap_ctx *sss_certmap_ctx; + char **cert_rules; ++ bool cert_rules_error; + }; + + struct sss_cmd_table *get_ssh_cmds(void); +diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c +index 1200a3a36..97914266d 100644 +--- a/src/responder/ssh/ssh_reply.c ++++ b/src/responder/ssh/ssh_reply.c +@@ -196,6 +196,14 @@ struct tevent_req *ssh_get_output_keys_send(TALLOC_CTX *mem_ctx, + goto done; + } + ++ if (state->ssh_ctx->cert_rules_error) { ++ DEBUG(SSSDBG_CONF_SETTINGS, ++ "Skipping keys from certificates because there was an error " ++ "while processing matching rules.\n"); ++ ret = EOK; ++ goto done; ++ } ++ + ret = confdb_get_string(cli_ctx->rctx->cdb, state, + CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_CERT_VERIFICATION, NULL, +diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c +index 45915f681..fc43663a7 100644 +--- a/src/tests/cmocka/test_ssh_srv.c ++++ b/src/tests/cmocka/test_ssh_srv.c +@@ -712,6 +712,120 @@ void test_ssh_user_pubkey_cert_with_rule(void **state) + assert_int_equal(ret, EOK); + } + ++void test_ssh_user_pubkey_cert_with_all_rules(void **state) ++{ ++ int ret; ++ struct sysdb_attrs *attrs; ++ /* Both rules are enabled, both certificates should be handled. 
*/ ++ const char *rule_list[] = { "all_rules", NULL }; ++ struct certmap_info *certmap_list[] = { &rule_1, &rule_2, NULL}; ++ ++ attrs = sysdb_new_attrs(ssh_test_ctx); ++ assert_non_null(attrs); ++ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0001); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0002); ++ assert_int_equal(ret, EOK); ++ ++ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom, ++ ssh_test_ctx->ssh_user_fqdn, ++ attrs, ++ LDB_FLAG_MOD_ADD); ++ talloc_free(attrs); ++ assert_int_equal(ret, EOK); ++ ++ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn); ++ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ ++ /* Enable certificate support */ ++ ssh_test_ctx->ssh_ctx->use_cert_keys = true; ++ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = certmap_list; ++ ssh_test_ctx->ssh_ctx->certmap_last_read = 0; ++ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1; ++ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list); ++#ifdef HAVE_NSS ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR ++ "/src/tests/test_CA/p11_nssdb"); ++#else ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR ++ "/src/tests/test_CA/SSSD_test_CA.pem"); ++#endif ++ ++ set_cmd_cb(test_ssh_user_pubkey_cert_check); ++ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS, ++ ssh_test_ctx->ssh_cmds); ++ assert_int_equal(ret, EOK); ++ ++ /* Wait until the test finishes with EOK */ ++ ret = test_ev_loop(ssh_test_ctx->tctx); ++ assert_int_equal(ret, EOK); ++} ++ ++void 
test_ssh_user_pubkey_cert_with_no_rules(void **state) ++{ ++ int ret; ++ struct sysdb_attrs *attrs; ++ /* No rules should be used, both certificates should be handled. */ ++ const char *rule_list[] = { "no_rules", NULL }; ++ struct certmap_info *certmap_list[] = { &rule_1, &rule_2, NULL}; ++ ++ attrs = sysdb_new_attrs(ssh_test_ctx); ++ assert_non_null(attrs); ++ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0001); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0002); ++ assert_int_equal(ret, EOK); ++ ++ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom, ++ ssh_test_ctx->ssh_user_fqdn, ++ attrs, ++ LDB_FLAG_MOD_ADD); ++ talloc_free(attrs); ++ assert_int_equal(ret, EOK); ++ ++ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn); ++ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ ++ /* Enable certificate support */ ++ ssh_test_ctx->ssh_ctx->use_cert_keys = true; ++ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = certmap_list; ++ ssh_test_ctx->ssh_ctx->certmap_last_read = 0; ++ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1; ++ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list); ++#ifdef HAVE_NSS ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR ++ "/src/tests/test_CA/p11_nssdb"); ++#else ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR ++ "/src/tests/test_CA/SSSD_test_CA.pem"); ++#endif ++ ++ set_cmd_cb(test_ssh_user_pubkey_cert_check); ++ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS, ++ ssh_test_ctx->ssh_cmds); ++ 
assert_int_equal(ret, EOK); ++ ++ /* Wait until the test finishes with EOK */ ++ ret = test_ev_loop(ssh_test_ctx->tctx); ++ assert_int_equal(ret, EOK); ++} ++ + void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state) + { + int ret; +@@ -743,8 +857,6 @@ void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state) + will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); +- will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); +- will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + + /* Enable certificate support */ + ssh_test_ctx->ssh_ctx->use_cert_keys = true; +@@ -760,7 +872,7 @@ void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state) + "/src/tests/test_CA/SSSD_test_CA.pem"); + #endif + +- set_cmd_cb(test_ssh_user_pubkey_cert_check); ++ set_cmd_cb(test_ssh_user_one_pubkey_check); + ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS, + ssh_test_ctx->ssh_cmds); + assert_int_equal(ret, EOK); +@@ -852,6 +964,10 @@ int main(int argc, const char *argv[]) + ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_rule, + ssh_test_setup, ssh_test_teardown), ++ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules, ++ ssh_test_setup, ssh_test_teardown), ++ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_no_rules, ++ ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_unknow_rule_name, + ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_rule_1, +-- +2.20.1 + diff --git a/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch b/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch new file mode 100644 index 0000000..32b7d65 --- /dev/null +++ b/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch 
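Review bot: in the src/man/sssd.conf.5.xml hunk of 0027, the new default text reads "equivalent to 'all_rules," with no closing quote, so the keyword appears in the rendered man page as 'all_rules, and the sentence runs on. Close the quote and reword, for example "Default: not set, equivalent to 'all_rules'; all found rules are used".

Review bot: in the first src/responder/ssh/ssh_cmd.c hunk of 0027, 'all_rules' and 'no_rules' are recognised only when they are the sole list entry (cert_rules[1] == NULL). A value such as "no_rules, myrule" falls through with both flags false, so "no_rules" is then looked up as an ordinary rule name by string_in_list(). Since this option decides which certificates yield ssh keys, either reject a keyword mixed with rule names as a configuration error or state in the man page that the keywords must be used alone. The `ssh_ctx->cert_rules[0] != NULL` test in the else-if is also redundant after the preceding condition.

Review bot: in the src/tests/cmocka/test_ssh_srv.c hunk of 0027, test_ssh_user_pubkey_cert_with_all_rules and test_ssh_user_pubkey_cert_with_no_rules are identical except for the rule_list entry. A shared helper taking the rule list and the expected callback would remove about fifty duplicated lines and make it obvious what each case actually varies. The no_rules case would also be stronger with a certmap_list whose rules match neither certificate, so the test fails if the rules are applied after all.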
@@ -0,0 +1,50 @@ +From 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Tue, 10 Sep 2019 14:33:37 +0000 +Subject: [PATCH] Add TCP level timeout to LDAP services + +In some cases the TCP connection may hang with data sent because +of network conditions, this may cause the socket to stall for much +longer than the timeout intended. +Set a TCP option to forcibly timeout a socket that sees its data not +ACKed within the ldap_network_timeout seconds. + +Signed-off-by: Simo Sorce + +Reviewed-by: Sumit Bose +--- + src/util/sss_sockets.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c +index 0e4d8df8a..b6b6dbac5 100644 +--- a/src/util/sss_sockets.c ++++ b/src/util/sss_sockets.c +@@ -79,6 +79,7 @@ static errno_t set_fd_common_opts(int fd, int timeout) + int dummy = 1; + int ret; + struct timeval tv; ++ unsigned int milli; + + /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but + * failures are ignored.*/ +@@ -117,6 +118,16 @@ static errno_t set_fd_common_opts(int fd, int timeout) + "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret, + strerror(ret)); + } ++ ++ milli = timeout * 1000; /* timeout in milliseconds */ ++ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli, ++ sizeof(milli)); ++ if (ret != 0) { ++ ret = errno; ++ DEBUG(SSSDBG_FUNC_DATA, ++ "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret, ++ strerror(ret)); ++ } + } + + return EOK; +-- +2.21.1 + diff --git a/SOURCES/0028-BE-Enable-refresh-for-multiple-domains.patch b/SOURCES/0028-BE-Enable-refresh-for-multiple-domains.patch deleted file mode 100644 index e1f65f7..0000000 --- a/SOURCES/0028-BE-Enable-refresh-for-multiple-domains.patch +++ /dev/null 
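Review bot: in the second src/util/sss_sockets.c hunk of 0028, the new call `setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli, sizeof(milli))` passes the value of milli where setsockopt() expects a pointer to the option value; it must be `&milli`. The follow-up patch 0029 in this import shows the resulting -Werror=int-conversion build failure and corrects it. Separately, a failure of this setsockopt() is logged only at SSSDBG_FUNC_DATA and the function still returns EOK, so a connection without the TCP-level timeout is accepted silently; a more visible debug level would help when diagnosing stalled LDAP connections.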
@@ -1,34 +0,0 @@ -From b90b9c79eab4110ba626d0a3f94f70ab6dd80735 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 24 Apr 2019 21:09:53 +0200 -Subject: [PATCH 28/48] BE: Enable refresh for multiple domains - -Descend into subdomains on back end refresh and make sure to start from -users again. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index c6bb66b68..02e478c95 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -255,7 +255,9 @@ static errno_t be_refresh_step(struct tevent_req *req) - - /* if not found than continue with next domain */ - if (state->index == BE_REFRESH_TYPE_SENTINEL) { -- state->domain = get_next_domain(state->domain, 0); -+ state->domain = get_next_domain(state->domain, -+ SSS_GND_DESCEND); -+ state->index = 0; - continue; - } - --- -2.20.1 - diff --git a/SOURCES/0029-BE-Make-be_refresh_ctx_init-set-up-the-periodical-ta.patch b/SOURCES/0029-BE-Make-be_refresh_ctx_init-set-up-the-periodical-ta.patch deleted file mode 100644 index 005a505..0000000 --- a/SOURCES/0029-BE-Make-be_refresh_ctx_init-set-up-the-periodical-ta.patch +++ /dev/null 
@@ -1,111 +0,0 @@ -From 47c33b9c8b8613956ed4687d58e26cb9fe7dc9eb Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Mon, 20 May 2019 22:32:13 +0200 -Subject: [PATCH 29/48] BE: Make be_refresh_ctx_init set up the periodical - task, too - -This is mostly a preparatory patch that rolls in setting up the ptask -into be_refresh_ctx_init. Since in later patches we will call -be_refresh_ctx_init from several different places, this will prevent -code duplication. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 21 +++++++++++++++++++-- - src/providers/be_refresh.h | 2 +- - src/providers/data_provider_be.c | 14 -------------- - 3 files changed, 20 insertions(+), 17 deletions(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index 02e478c95..c7b048a95 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -134,11 +134,13 @@ struct be_refresh_ctx { - struct be_refresh_cb callbacks[BE_REFRESH_TYPE_SENTINEL]; - }; - --struct be_refresh_ctx *be_refresh_ctx_init(TALLOC_CTX *mem_ctx) -+struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx) - { - struct be_refresh_ctx *ctx = NULL; -+ uint32_t refresh_interval; -+ errno_t ret; - -- ctx = talloc_zero(mem_ctx, struct be_refresh_ctx); -+ ctx = talloc_zero(be_ctx, struct be_refresh_ctx); - if (ctx == NULL) { - return NULL; - } -@@ -147,6 +149,21 @@ struct be_refresh_ctx *be_refresh_ctx_init(TALLOC_CTX *mem_ctx) - ctx->callbacks[BE_REFRESH_TYPE_GROUPS].name = "groups"; - ctx->callbacks[BE_REFRESH_TYPE_NETGROUPS].name = "netgroups"; - -+ refresh_interval = be_ctx->domain->refresh_expired_interval; -+ if (refresh_interval > 0) { -+ ret = be_ptask_create(be_ctx, be_ctx, refresh_interval, 30, 5, 0, -+ refresh_interval, BE_PTASK_OFFLINE_SKIP, 0, -+ be_refresh_send, be_refresh_recv, -+ be_ctx->refresh_ctx, "Refresh Records", NULL); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, -+ "Unable to initialize refresh 
periodic task [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ talloc_free(ctx); -+ return NULL; -+ } -+ } -+ - return ctx; - } - -diff --git a/src/providers/be_refresh.h b/src/providers/be_refresh.h -index 927fa4a33..664f01816 100644 ---- a/src/providers/be_refresh.h -+++ b/src/providers/be_refresh.h -@@ -52,7 +52,7 @@ enum be_refresh_type { - - struct be_refresh_ctx; - --struct be_refresh_ctx *be_refresh_ctx_init(TALLOC_CTX *mem_ctx); -+struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx); - - errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, - enum be_refresh_type type, -diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c -index db62efdc6..a1e7999c7 100644 ---- a/src/providers/data_provider_be.c -+++ b/src/providers/data_provider_be.c -@@ -454,7 +454,6 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct confdb_ctx *cdb) - { -- uint32_t refresh_interval; - struct tevent_req *req; - struct be_ctx *be_ctx; - char *str = NULL; -@@ -545,19 +544,6 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx, - goto done; - } - -- refresh_interval = be_ctx->domain->refresh_expired_interval; -- if (refresh_interval > 0) { -- ret = be_ptask_create(be_ctx, be_ctx, refresh_interval, 30, 5, 0, -- refresh_interval, BE_PTASK_OFFLINE_SKIP, 0, -- be_refresh_send, be_refresh_recv, -- be_ctx->refresh_ctx, "Refresh Records", NULL); -- if (ret != EOK) { -- DEBUG(SSSDBG_FATAL_FAILURE, -- "Unable to initialize refresh periodic task\n"); -- goto done; -- } -- } -- - req = dp_init_send(be_ctx, be_ctx->ev, be_ctx, be_ctx->uid, be_ctx->gid); - if (req == NULL) { - ret = ENOMEM; --- -2.20.1 - diff --git a/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch b/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch new file mode 100644 index 0000000..967a1c3 --- /dev/null +++ b/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch 
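Review bot: in the src/providers/be_refresh.c hunk of the removed patch 0029-BE-Make-be_refresh_ctx_init, the be_ptask_create() call inside be_refresh_ctx_init() passes `be_ctx->refresh_ctx` as the argument after be_refresh_recv, but the new context is only held in the local `ctx` at that point and is handed to the caller by `return ctx;`. As far as these lines show, the periodic task is created with whatever be_ctx->refresh_ctx held before the call rather than the context being built; passing `ctx` would avoid that. Since this patch file is dropped by the rebase, it is worth confirming that the code in the 2.2.3 tarball does pass the new context.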
@@ -0,0 +1,46 @@ +From 5b87af6f5b50c464ee7ea4558f73431e398e1423 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20B=C5=99ezina?= +Date: Mon, 10 Feb 2020 11:52:35 +0100 +Subject: [PATCH] sss_sockets: pass pointer instead of integer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +``` +/home/pbrezina/workspace/sssd/src/util/sss_sockets.c: In function ‘set_fd_common_opts’: +/home/pbrezina/workspace/sssd/src/util/sss_sockets.c:123:61: error: passing argument 4 of ‘setsockopt’ makes pointer from integer without a cast [-Werror=int-conversion] + 123 | ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli, + | ^~~~~ + | | + | unsigned int +In file included from /home/pbrezina/workspace/sssd/src/util/sss_sockets.c:28: +/usr/include/sys/socket.h:216:22: note: expected ‘const void *’ but argument is of type ‘unsigned int’ + 216 | const void *__optval, socklen_t __optlen) __THROW; + | ~~~~~~~~~~~~^~~~~~~~ + CC src/util/sssd_kcm-sss_iobuf.o +cc1: all warnings being treated as errors +``` + +Introduced by 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac + +Reviewed-by: Sumit Bose +--- + src/util/sss_sockets.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c +index b6b6dbac5..6f2b71bc8 100644 +--- a/src/util/sss_sockets.c ++++ b/src/util/sss_sockets.c +@@ -120,7 +120,7 @@ static errno_t set_fd_common_opts(int fd, int timeout) + } + + milli = timeout * 1000; /* timeout in milliseconds */ +- ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli, ++ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, + sizeof(milli)); + if (ret != 0) { + ret = errno; +-- +2.21.1 + diff --git a/SOURCES/0030-BE-LDAP-Call-be_refresh_ctx_init-in-the-provider-lib.patch b/SOURCES/0030-BE-LDAP-Call-be_refresh_ctx_init-in-the-provider-lib.patch deleted file mode 100644 index f099332..0000000 --- a/SOURCES/0030-BE-LDAP-Call-be_refresh_ctx_init-in-the-provider-lib.patch +++ /dev/null 
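Review bot: on the unchanged context line `milli = timeout * 1000; /* timeout in milliseconds */` in the src/util/sss_sockets.c hunk of 0029, the multiplication is carried out in int (timeout is `int` in the set_fd_common_opts() signature) and only then converted to `unsigned int milli`. A large configured timeout overflows the signed multiplication, and a negative one converts to a very large unsigned value. Suggest validating the range first and computing `(unsigned int)timeout * 1000U`, so the value handed to TCP_USER_TIMEOUT is always the intended number of milliseconds.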
@@ -1,143 +0,0 @@ -From 4f32364e1a516cdcd311d369142e93d90a48e11c Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Mon, 20 May 2019 22:42:47 +0200 -Subject: [PATCH 30/48] BE/LDAP: Call be_refresh_ctx_init() in the provider - libraries, not in back end - -Since later patches will pass different parameters to -be_refresh_ctx_init(), let's call the init function in the provider -libraries not directly in the back end. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/ad/ad_init.c | 2 +- - src/providers/data_provider_be.c | 8 -------- - src/providers/ipa/ipa_init.c | 2 +- - src/providers/ldap/ldap_common.h | 2 +- - src/providers/ldap/ldap_init.c | 2 +- - src/providers/ldap/sdap_refresh.c | 17 +++++++++++++---- - 6 files changed, 17 insertions(+), 16 deletions(-) - -diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c -index 423071dcd..b8ebaea2f 100644 ---- a/src/providers/ad/ad_init.c -+++ b/src/providers/ad/ad_init.c -@@ -408,7 +408,7 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx, - return ret; - } - -- ret = sdap_refresh_init(be_ctx->refresh_ctx, sdap_id_ctx); -+ ret = sdap_refresh_init(be_ctx, sdap_id_ctx); - if (ret != EOK && ret != EEXIST) { - DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh " - "will not work [%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c -index a1e7999c7..877841055 100644 ---- a/src/providers/data_provider_be.c -+++ b/src/providers/data_provider_be.c -@@ -536,14 +536,6 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx, - goto done; - } - -- /* Initialize be_refresh periodic task. 
*/ -- be_ctx->refresh_ctx = be_refresh_ctx_init(be_ctx); -- if (be_ctx->refresh_ctx == NULL) { -- DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); -- ret = ENOMEM; -- goto done; -- } -- - req = dp_init_send(be_ctx, be_ctx->ev, be_ctx, be_ctx->uid, be_ctx->gid); - if (req == NULL) { - ret = ENOMEM; -diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c -index 6818e2171..b3060e228 100644 ---- a/src/providers/ipa/ipa_init.c -+++ b/src/providers/ipa/ipa_init.c -@@ -594,7 +594,7 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx, - } - } - -- ret = sdap_refresh_init(be_ctx->refresh_ctx, sdap_id_ctx); -+ ret = sdap_refresh_init(be_ctx, sdap_id_ctx); - if (ret != EOK && ret != EEXIST) { - DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh " - "will not work [%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h -index 5d6302dcd..60e3ef297 100644 ---- a/src/providers/ldap/ldap_common.h -+++ b/src/providers/ldap/ldap_common.h -@@ -365,7 +365,7 @@ struct sdap_id_ctx * - sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, - struct sdap_service *sdap_service); - --errno_t sdap_refresh_init(struct be_refresh_ctx *refresh_ctx, -+errno_t sdap_refresh_init(struct be_ctx *be_ctx, - struct sdap_id_ctx *id_ctx); - - errno_t sdap_init_certmap(TALLOC_CTX *mem_ctx, struct sdap_id_ctx *id_ctx); -diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c -index 057e173ad..3ce574e28 100644 ---- a/src/providers/ldap/ldap_init.c -+++ b/src/providers/ldap/ldap_init.c -@@ -432,7 +432,7 @@ static errno_t ldap_init_misc(struct be_ctx *be_ctx, - } - - /* Setup periodical refresh of expired records */ -- ret = sdap_refresh_init(be_ctx->refresh_ctx, id_ctx); -+ ret = sdap_refresh_init(be_ctx, id_ctx); - if (ret != EOK && ret != EEXIST) { - DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh will not work " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git 
a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index 6d6c43e20..457df8be2 100644 ---- a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -255,12 +255,19 @@ static errno_t sdap_refresh_netgroups_recv(struct tevent_req *req) - return sdap_refresh_recv(req); - } - --errno_t sdap_refresh_init(struct be_refresh_ctx *refresh_ctx, -+errno_t sdap_refresh_init(struct be_ctx *be_ctx, - struct sdap_id_ctx *id_ctx) - { - errno_t ret; - -- ret = be_refresh_add_cb(refresh_ctx, BE_REFRESH_TYPE_USERS, -+ be_ctx->refresh_ctx = be_refresh_ctx_init(be_ctx); -+ if (be_ctx->refresh_ctx == NULL) { -+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); -+ return ENOMEM; -+ } -+ -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_USERS, - sdap_refresh_users_send, - sdap_refresh_users_recv, - id_ctx); -@@ -269,7 +276,8 @@ errno_t sdap_refresh_init(struct be_refresh_ctx *refresh_ctx, - "will not work [%d]: %s\n", ret, strerror(ret)); - } - -- ret = be_refresh_add_cb(refresh_ctx, BE_REFRESH_TYPE_GROUPS, -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_USERS, - sdap_refresh_groups_send, - sdap_refresh_groups_recv, - id_ctx); -@@ -278,7 +286,8 @@ errno_t sdap_refresh_init(struct be_refresh_ctx *refresh_ctx, - "will not work [%d]: %s\n", ret, strerror(ret)); - } - -- ret = be_refresh_add_cb(refresh_ctx, BE_REFRESH_TYPE_NETGROUPS, -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_USERS, - sdap_refresh_netgroups_send, - sdap_refresh_netgroups_recv, - id_ctx); --- -2.20.1 - diff --git a/SOURCES/0030-ssh-fix-matching-rules-default.patch b/SOURCES/0030-ssh-fix-matching-rules-default.patch new file mode 100644 index 0000000..ec3e047 --- /dev/null +++ b/SOURCES/0030-ssh-fix-matching-rules-default.patch 
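Review bot: in the src/providers/ldap/sdap_refresh.c hunks of the removed patch 0030-BE-LDAP-Call-be_refresh_ctx_init, all three rewritten be_refresh_add_cb() calls pass BE_REFRESH_TYPE_USERS, including the ones that register sdap_refresh_groups_send and sdap_refresh_netgroups_send, where the replaced lines used BE_REFRESH_TYPE_GROUPS and BE_REFRESH_TYPE_NETGROUPS. With that change the groups and netgroups callbacks are registered under the users type, so expired group and netgroup records would not get their own refresh slot. Because the rebase drops this patch file, check that the sdap_refresh_init() shipped in the 2.2.3 tarball registers each callback under its own type.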
@@ -0,0 +1,235 @@ +From 6f7f15691b071cefd4e04a9fee44af580b6c502b Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Mon, 9 Mar 2020 13:39:47 +0100 +Subject: [PATCH] ssh: fix matching rules default +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before the ssh_use_certificate_matching_rules option was added the ssh +responder returned ssh keys derived from all valid certificates. Since +the default of the ssh_use_certificate_matching_rules option is +'all_rules' in a case where no matching rules are defined all +certificated will be filtered out and no ssh keys are returned. + +The intention of the default was to allow the same same certificates +which are allowed in the PAM responder for authentication. The missing +default matching rule which is currently use by the PAM responder if no +other rules are available is added by this patch. + +There might still be a small regression in case certificates without the +extended key usage (EKU) clientAuth were used for ssh. In this case +'ssh_use_certificate_matching_rules = no_rules' or a suitable matching +rule must be added to the configuration. + +Related to https://pagure.io/SSSD/sssd/issue/4121 + +Reviewed-by: Tomáš Halman +--- + src/man/sssd.conf.5.xml | 9 ++++- + src/responder/pam/pam_helpers.h | 2 ++ + src/responder/pam/pamsrv_p11.c | 3 +- + src/responder/ssh/ssh_cmd.c | 30 +++++++++++++---- + src/tests/cmocka/test_ssh_srv.c | 58 +++++++++++++++++++++++++++++++++ + 5 files changed, 93 insertions(+), 9 deletions(-) + +diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml +index 58383579c..a2567f5ac 100644 +--- a/src/man/sssd.conf.5.xml ++++ b/src/man/sssd.conf.5.xml +@@ -1766,6 +1766,13 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2 + will be filtered out and ssh keys will be generated + from all valid certificates. 
+ ++ ++ If no rules are configured using 'all_rules' will ++ enable a default rule which enables all ++ certificates suitable for client authentication. ++ This is the same behavior as for the PAM responder ++ if certificate authentication is enabled. ++ + + A non-existing rule name is considered an error. + If as a result no rule is selected all certificates +@@ -1773,7 +1780,7 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2 + + + Default: not set, equivalent to 'all_rules, +- all found rules are used ++ all found rules or the default rule are used + + + +diff --git a/src/responder/pam/pam_helpers.h b/src/responder/pam/pam_helpers.h +index 614389706..23fd308bb 100644 +--- a/src/responder/pam/pam_helpers.h ++++ b/src/responder/pam/pam_helpers.h +@@ -25,6 +25,8 @@ + + #include "util/util.h" + ++#define CERT_AUTH_DEFAULT_MATCHING_RULE "KRB5:clientAuth" ++ + errno_t pam_initgr_cache_set(struct tevent_context *ev, + hash_table_t *id_table, + char *name, +diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c +index 0dc53a826..8e276b200 100644 +--- a/src/responder/pam/pamsrv_p11.c ++++ b/src/responder/pam/pamsrv_p11.c +@@ -26,13 +26,12 @@ + #include "util/child_common.h" + #include "util/strtonum.h" + #include "responder/pam/pamsrv.h" ++#include "responder/pam/pam_helpers.h" + #include "lib/certmap/sss_certmap.h" + #include "util/crypto/sss_crypto.h" + #include "db/sysdb.h" + + +-#define CERT_AUTH_DEFAULT_MATCHING_RULE "KRB5:clientAuth" +- + struct cert_auth_info { + char *cert; + char *token_name; +diff --git a/src/responder/ssh/ssh_cmd.c b/src/responder/ssh/ssh_cmd.c +index e42e29bfd..a593c904f 100644 +--- a/src/responder/ssh/ssh_cmd.c ++++ b/src/responder/ssh/ssh_cmd.c +@@ -29,6 +29,7 @@ + #include "responder/common/responder.h" + #include "responder/common/cache_req/cache_req.h" + #include "responder/ssh/ssh_private.h" ++#include "responder/pam/pam_helpers.h" + #include "lib/certmap/sss_certmap.h" + + struct 
ssh_cmd_ctx { +@@ -159,6 +160,7 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + bool rule_added; + bool all_rules = false; + bool no_rules = false; ++ bool rules_present = false; + + ssh_ctx->cert_rules_error = false; + +@@ -195,6 +197,7 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + } + + for (c = 0; certmap_list[c] != NULL; c++) { ++ rules_present = true; + + if (!all_rules && !string_in_list(certmap_list[c]->name, + ssh_ctx->cert_rules, true)) { +@@ -227,12 +230,27 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx, + } + + if (!rule_added) { +- DEBUG(SSSDBG_CONF_SETTINGS, +- "No matching rule added, please check " +- "ssh_use_certificate_matching_rules option values for typos .\n"); +- +- ret = EINVAL; +- goto done; ++ if (!rules_present) { ++ DEBUG(SSSDBG_TRACE_FUNC, ++ "No rules available, trying to add default matching rule.\n"); ++ ret = sss_certmap_add_rule(sss_certmap_ctx, SSS_CERTMAP_MIN_PRIO, ++ CERT_AUTH_DEFAULT_MATCHING_RULE, ++ NULL, NULL); ++ if (ret != 0) { ++ DEBUG(SSSDBG_OP_FAILURE, ++ "Failed to add default matching rule [%d][%s].\n", ++ ret, sss_strerror(ret)); ++ goto done; ++ } ++ } else { ++ DEBUG(SSSDBG_CONF_SETTINGS, ++ "No matching rule added, please check " ++ "ssh_use_certificate_matching_rules option values for " ++ "typos.\n"); ++ ++ ret = EINVAL; ++ goto done; ++ } + } + + ret = EOK; +diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c +index fc43663a7..a48013416 100644 +--- a/src/tests/cmocka/test_ssh_srv.c ++++ b/src/tests/cmocka/test_ssh_srv.c +@@ -769,6 +769,62 @@ void test_ssh_user_pubkey_cert_with_all_rules(void **state) + assert_int_equal(ret, EOK); + } + ++void test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present(void **state) ++{ ++ int ret; ++ struct sysdb_attrs *attrs; ++ /* Both rules are enabled, both certificates should be handled. 
*/ ++ const char *rule_list[] = { "all_rules", NULL }; ++ ++ attrs = sysdb_new_attrs(ssh_test_ctx); ++ assert_non_null(attrs); ++ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0001); ++ assert_int_equal(ret, EOK); ++ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT, ++ SSSD_TEST_CERT_0002); ++ assert_int_equal(ret, EOK); ++ ++ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom, ++ ssh_test_ctx->ssh_user_fqdn, ++ attrs, ++ LDB_FLAG_MOD_ADD); ++ talloc_free(attrs); ++ assert_int_equal(ret, EOK); ++ ++ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn); ++ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); ++ ++ /* Enable certificate support */ ++ ssh_test_ctx->ssh_ctx->use_cert_keys = true; ++ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = NULL; ++ ssh_test_ctx->ssh_ctx->certmap_last_read = 0; ++ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1; ++ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list); ++#ifdef HAVE_NSS ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR ++ "/src/tests/test_CA/p11_nssdb"); ++#else ++ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR ++ "/src/tests/test_CA/SSSD_test_CA.pem"); ++#endif ++ ++ set_cmd_cb(test_ssh_user_pubkey_cert_check); ++ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS, ++ ssh_test_ctx->ssh_cmds); ++ assert_int_equal(ret, EOK); ++ ++ /* Wait until the test finishes with EOK */ ++ ret = test_ev_loop(ssh_test_ctx->tctx); ++ assert_int_equal(ret, EOK); ++} ++ + void test_ssh_user_pubkey_cert_with_no_rules(void **state) + { + int ret; +@@ -966,6 +1022,8 @@ 
int main(int argc, const char *argv[]) + ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules, + ssh_test_setup, ssh_test_teardown), ++ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present, ++ ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_no_rules, + ssh_test_setup, ssh_test_teardown), + cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_unknow_rule_name, +-- +2.21.1 + diff --git a/SOURCES/0031-BE-Pass-in-attribute-to-look-up-with-instead-of-hard.patch b/SOURCES/0031-BE-Pass-in-attribute-to-look-up-with-instead-of-hard.patch deleted file mode 100644 index 61161cd..0000000 --- a/SOURCES/0031-BE-Pass-in-attribute-to-look-up-with-instead-of-hard.patch +++ /dev/null 
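Review bot: In ssh_cmd_refresh_certmap_ctx(), the new `!rules_present` branch is keyed only on whether certmap_list was empty, so from the lines shown it is not limited to the `all_rules` case. A configuration that names specific rules in ssh_use_certificate_matching_rules but has no mapping rules defined at all would now get CERT_AUTH_DEFAULT_MATCHING_RULE added instead of the previous EINVAL. If that is intended, say so in a comment and log the fallback at SSSDBG_CONF_SETTINGS rather than SSSDBG_TRACE_FUNC so an administrator can see which rule is being used to accept certificates. A companion test with an explicit rule name and `certmaps = NULL` would pin the behaviour down, since the added test only covers `"all_rules"`.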
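Review bot: In test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present(), the comment "Both rules are enabled, both certificates should be handled." was carried over from the all_rules test and does not describe this case, which sets `ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = NULL`. Please reword it to state that no mapping rules are defined and that the default matching rule is expected to be applied.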
@@ -1,108 +0,0 @@ -From 828edc4089ef570245081afb3bf81bbad4c9f91a Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 21 May 2019 12:09:24 +0200 -Subject: [PATCH 31/48] BE: Pass in attribute to look up with instead of - hardcoding SYSDB_NAME - -In later patches, we will implement refreshes for AD or IPA which might -refresh objects that do not have a name yet, but always do have a different -attribute, like a SID or a uniqueID. In this case, it's better to use that -different attribute instead of name. - -This patch allows the caller to tell the refresh module which attribute -to use. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 12 ++++++++---- - src/providers/be_refresh.h | 3 ++- - src/providers/ldap/sdap_refresh.c | 2 +- - 3 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index c7b048a95..66cc4cf98 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -89,6 +89,7 @@ done: - - static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, - enum be_refresh_type type, -+ const char *attr_name, - struct sss_domain_info *domain, - time_t period, - char ***_values) -@@ -116,7 +117,7 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, - } - - ret = be_refresh_get_values_ex(mem_ctx, domain, period, -- base_dn, SYSDB_NAME, _values); -+ base_dn, attr_name, _values); - - talloc_free(base_dn); - return ret; -@@ -131,10 +132,12 @@ struct be_refresh_cb { - }; - - struct be_refresh_ctx { -+ const char *attr_name; - struct be_refresh_cb callbacks[BE_REFRESH_TYPE_SENTINEL]; - }; - --struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx) -+struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx, -+ const char *attr_name) - { - struct be_refresh_ctx *ctx = NULL; - uint32_t refresh_interval; -@@ -145,6 +148,7 @@ struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx) - return 
NULL; - } - -+ ctx->attr_name = attr_name; - ctx->callbacks[BE_REFRESH_TYPE_USERS].name = "users"; - ctx->callbacks[BE_REFRESH_TYPE_GROUPS].name = "groups"; - ctx->callbacks[BE_REFRESH_TYPE_NETGROUPS].name = "netgroups"; -@@ -284,8 +288,8 @@ static errno_t be_refresh_step(struct tevent_req *req) - goto done; - } - -- ret = be_refresh_get_values(state, state->index, state->domain, -- state->period, &values); -+ ret = be_refresh_get_values(state, state->index, state->ctx->attr_name, -+ state->domain, state->period, &values); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to obtain DN list [%d]: %s\n", - ret, sss_strerror(ret)); -diff --git a/src/providers/be_refresh.h b/src/providers/be_refresh.h -index 664f01816..8c7b1d0ba 100644 ---- a/src/providers/be_refresh.h -+++ b/src/providers/be_refresh.h -@@ -52,7 +52,8 @@ enum be_refresh_type { - - struct be_refresh_ctx; - --struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx); -+struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx, -+ const char *attr_name); - - errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, - enum be_refresh_type type, -diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index 457df8be2..ed04da36a 100644 ---- a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -260,7 +260,7 @@ errno_t sdap_refresh_init(struct be_ctx *be_ctx, - { - errno_t ret; - -- be_ctx->refresh_ctx = be_refresh_ctx_init(be_ctx); -+ be_ctx->refresh_ctx = be_refresh_ctx_init(be_ctx, SYSDB_NAME); - if (be_ctx->refresh_ctx == NULL) { - DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); - return ENOMEM; --- -2.20.1 - diff --git a/SOURCES/0032-BE-Change-be_refresh_ctx_init-to-return-errno-and-se.patch b/SOURCES/0032-BE-Change-be_refresh_ctx_init-to-return-errno-and-se.patch deleted file mode 100644 index 72be1ee..0000000 --- a/SOURCES/0032-BE-Change-be_refresh_ctx_init-to-return-errno-and-se.patch +++ /dev/null 
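Review bot: In be_refresh_ctx_init() of patch 0031, `ctx->attr_name = attr_name;` stores the caller's pointer without copying it or checking it for NULL. That is safe for the only caller shown, which passes SYSDB_NAME, but the commit message announces further callers for AD and IPA. Either copy the string onto ctx (for example with talloc_strdup) or document in be_refresh.h that the string must outlive the refresh context, and fail early on a NULL attr_name instead of letting it reach be_refresh_get_values_ex().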
@@ -1,99 +0,0 @@ -From 87ae9cf0fd747e39d1769e6b432b7f48d41f9302 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 21 May 2019 12:07:34 +0200 -Subject: [PATCH 32/48] BE: Change be_refresh_ctx_init to return errno and set - be_ctx->refresh_ctx - -It is a bit odd that a caller to a be_ function would set a property of -be_ctx. IMO it is cleaner if the function has a side-effect and sets the -property internally and rather returns errno. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 13 +++++++------ - src/providers/be_refresh.h | 4 ++-- - src/providers/ldap/sdap_refresh.c | 4 ++-- - 3 files changed, 11 insertions(+), 10 deletions(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index 66cc4cf98..8a6e1ba58 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -136,8 +136,8 @@ struct be_refresh_ctx { - struct be_refresh_cb callbacks[BE_REFRESH_TYPE_SENTINEL]; - }; - --struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx, -- const char *attr_name) -+errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, -+ const char *attr_name) - { - struct be_refresh_ctx *ctx = NULL; - uint32_t refresh_interval; -@@ -145,7 +145,7 @@ struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx, - - ctx = talloc_zero(be_ctx, struct be_refresh_ctx); - if (ctx == NULL) { -- return NULL; -+ return ENOMEM; - } - - ctx->attr_name = attr_name; -@@ -158,17 +158,18 @@ struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx, - ret = be_ptask_create(be_ctx, be_ctx, refresh_interval, 30, 5, 0, - refresh_interval, BE_PTASK_OFFLINE_SKIP, 0, - be_refresh_send, be_refresh_recv, -- be_ctx->refresh_ctx, "Refresh Records", NULL); -+ ctx, "Refresh Records", NULL); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to initialize refresh periodic task [%d]: %s\n", - ret, sss_strerror(ret)); - talloc_free(ctx); -- return NULL; -+ return ret; - } - } - -- 
return ctx; -+ be_ctx->refresh_ctx = ctx; -+ return EOK; - } - - errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, -diff --git a/src/providers/be_refresh.h b/src/providers/be_refresh.h -index 8c7b1d0ba..980ac7d06 100644 ---- a/src/providers/be_refresh.h -+++ b/src/providers/be_refresh.h -@@ -52,8 +52,8 @@ enum be_refresh_type { - - struct be_refresh_ctx; - --struct be_refresh_ctx *be_refresh_ctx_init(struct be_ctx *be_ctx, -- const char *attr_name); -+errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, -+ const char *attr_name); - - errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, - enum be_refresh_type type, -diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index ed04da36a..baa7fa59f 100644 ---- a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -260,8 +260,8 @@ errno_t sdap_refresh_init(struct be_ctx *be_ctx, - { - errno_t ret; - -- be_ctx->refresh_ctx = be_refresh_ctx_init(be_ctx, SYSDB_NAME); -- if (be_ctx->refresh_ctx == NULL) { -+ ret = be_refresh_ctx_init(be_ctx, SYSDB_NAME); -+ if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); - return ENOMEM; - } --- -2.20.1 - diff --git a/SOURCES/0033-BE-LDAP-Split-out-a-helper-function-from-sdap_refres.patch b/SOURCES/0033-BE-LDAP-Split-out-a-helper-function-from-sdap_refres.patch deleted file mode 100644 index 0523de5..0000000 --- a/SOURCES/0033-BE-LDAP-Split-out-a-helper-function-from-sdap_refres.patch +++ /dev/null 
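Review bot: In sdap_refresh_init() of patch 0032, the error path still ends in `return ENOMEM;` although be_refresh_ctx_init() now returns an errno, so a failure coming from be_ptask_create() is reported to the caller as an allocation failure. Return `ret` instead and include it in the DEBUG message. Separately, the be_refresh.c hunk changes the private data passed to be_ptask_create() from `be_ctx->refresh_ctx` to `ctx`; with the old caller assigning `be_ctx->refresh_ctx` only after the function returned, this is a behaviour fix and the commit message should mention it.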
@@ -1,131 +0,0 @@ -From 003f8647f9dbeec1a54060fb4e376f04865aafea Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 8 May 2019 14:38:44 +0200 -Subject: [PATCH 33/48] BE/LDAP: Split out a helper function from sdap_refresh - for later reuse - -Every refresh request will send a similar account_req. Let's split out -the function that creates the account_req into a reusable one. - -Also removes the type string as it was only used in DEBUG messages and -there is already a function in the back end API that provides the same -functionality. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 18 ++++++++++++++++++ - src/providers/be_refresh.h | 4 ++++ - src/providers/ldap/sdap_refresh.c | 29 +++++------------------------ - 3 files changed, 27 insertions(+), 24 deletions(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index 8a6e1ba58..c49229e71 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -362,3 +362,21 @@ errno_t be_refresh_recv(struct tevent_req *req) - - return EOK; - } -+ -+struct dp_id_data *be_refresh_acct_req(TALLOC_CTX *mem_ctx, -+ uint32_t entry_type, -+ struct sss_domain_info *domain) -+{ -+ struct dp_id_data *account_req; -+ -+ account_req = talloc_zero(mem_ctx, struct dp_id_data); -+ if (account_req == NULL) { -+ return NULL; -+ } -+ -+ account_req->entry_type = entry_type; -+ account_req->filter_type = BE_FILTER_NAME; -+ account_req->extra_value = NULL; -+ account_req->domain = domain->name; -+ return account_req; -+} -diff --git a/src/providers/be_refresh.h b/src/providers/be_refresh.h -index 980ac7d06..b7ba5d4c2 100644 ---- a/src/providers/be_refresh.h -+++ b/src/providers/be_refresh.h -@@ -69,4 +69,8 @@ struct tevent_req *be_refresh_send(TALLOC_CTX *mem_ctx, - - errno_t be_refresh_recv(struct tevent_req *req); - -+struct dp_id_data *be_refresh_acct_req(TALLOC_CTX *mem_ctx, -+ uint32_t entry_type, -+ struct sss_domain_info 
*domain); -+ - #endif /* _DP_REFRESH_H_ */ -diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index baa7fa59f..af39d8686 100644 ---- a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -30,7 +30,6 @@ struct sdap_refresh_state { - struct dp_id_data *account_req; - struct sdap_id_ctx *id_ctx; - struct sdap_domain *sdom; -- const char *type; - char **names; - size_t index; - }; -@@ -74,32 +73,12 @@ static struct tevent_req *sdap_refresh_send(TALLOC_CTX *mem_ctx, - goto immediately; - } - -- switch (entry_type) { -- case BE_REQ_USER: -- state->type = "user"; -- break; -- case BE_REQ_GROUP: -- state->type = "group"; -- break; -- case BE_REQ_NETGROUP: -- state->type = "netgroup"; -- break; -- default: -- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid entry type [%d]!\n", entry_type); -- } -- -- state->account_req = talloc_zero(state, struct dp_id_data); -+ state->account_req = be_refresh_acct_req(state, entry_type, domain); - if (state->account_req == NULL) { - ret = ENOMEM; - goto immediately; - } - -- state->account_req->entry_type = entry_type; -- state->account_req->filter_type = BE_FILTER_NAME; -- state->account_req->extra_value = NULL; -- state->account_req->domain = domain->name; -- /* filter will be filled later */ -- - ret = sdap_refresh_step(req); - if (ret == EOK) { - DEBUG(SSSDBG_TRACE_FUNC, "Nothing to refresh\n"); -@@ -143,7 +122,8 @@ static errno_t sdap_refresh_step(struct tevent_req *req) - } - - DEBUG(SSSDBG_TRACE_FUNC, "Issuing refresh of %s %s\n", -- state->type, state->account_req->filter_value); -+ be_req2str(state->account_req->entry_type), -+ state->account_req->filter_value); - - subreq = sdap_handle_acct_req_send(state, state->be_ctx, - state->account_req, state->id_ctx, -@@ -178,7 +158,8 @@ static void sdap_refresh_done(struct tevent_req *subreq) - talloc_zfree(subreq); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to refresh %s [dp_error: %d, " -- "sdap_ret: %d, errno: %d]: %s\n", 
state->type, -+ "sdap_ret: %d, errno: %d]: %s\n", -+ be_req2str(state->account_req->entry_type), - dp_error, sdap_ret, ret, err_msg); - goto done; - } --- -2.20.1 - diff --git a/SOURCES/0034-BE-Pass-in-filter_type-when-creating-the-refresh-acc.patch b/SOURCES/0034-BE-Pass-in-filter_type-when-creating-the-refresh-acc.patch deleted file mode 100644 index 9ac5adf..0000000 --- a/SOURCES/0034-BE-Pass-in-filter_type-when-creating-the-refresh-acc.patch +++ /dev/null 
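Review bot: In sdap_refresh_send() of patch 0033, removing the `switch (entry_type)` also removes the only "Invalid entry type" diagnostic, and the new be_refresh_acct_req() accepts any `entry_type` and dereferences `domain->name` without a check. Please keep a validation step, either in the helper (returning NULL for an unknown type or a NULL domain) or in the caller, so an unexpected request type is rejected and logged rather than forwarded into the account request.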
@@ -1,70 +0,0 @@ -From 91f0382974ca7ed158ddb3da179b41c96292cc19 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 21 May 2019 12:07:59 +0200 -Subject: [PATCH 34/48] BE: Pass in filter_type when creating the refresh - account request - -For refreshing AD users and groups, we'll want to create a request by -SID, for all other requests we'll want to create a request by name. This -patch allows parametrizing the request creation by the caller. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 3 ++- - src/providers/be_refresh.h | 1 + - src/providers/ldap/sdap_refresh.c | 3 ++- - 3 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index c49229e71..c4ff71e1f 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -365,6 +365,7 @@ errno_t be_refresh_recv(struct tevent_req *req) - - struct dp_id_data *be_refresh_acct_req(TALLOC_CTX *mem_ctx, - uint32_t entry_type, -+ uint32_t filter_type, - struct sss_domain_info *domain) - { - struct dp_id_data *account_req; -@@ -375,7 +376,7 @@ struct dp_id_data *be_refresh_acct_req(TALLOC_CTX *mem_ctx, - } - - account_req->entry_type = entry_type; -- account_req->filter_type = BE_FILTER_NAME; -+ account_req->filter_type = filter_type; - account_req->extra_value = NULL; - account_req->domain = domain->name; - return account_req; -diff --git a/src/providers/be_refresh.h b/src/providers/be_refresh.h -index b7ba5d4c2..c7b4872df 100644 ---- a/src/providers/be_refresh.h -+++ b/src/providers/be_refresh.h -@@ -71,6 +71,7 @@ errno_t be_refresh_recv(struct tevent_req *req); - - struct dp_id_data *be_refresh_acct_req(TALLOC_CTX *mem_ctx, - uint32_t entry_type, -+ uint32_t filter_type, - struct sss_domain_info *domain); - - #endif /* _DP_REFRESH_H_ */ -diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index af39d8686..2206d6670 100644 ---- 
a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -73,7 +73,8 @@ static struct tevent_req *sdap_refresh_send(TALLOC_CTX *mem_ctx, - goto immediately; - } - -- state->account_req = be_refresh_acct_req(state, entry_type, domain); -+ state->account_req = be_refresh_acct_req(state, entry_type, -+ BE_FILTER_NAME, domain); - if (state->account_req == NULL) { - ret = ENOMEM; - goto immediately; --- -2.20.1 - diff --git a/SOURCES/0035-BE-Send-refresh-requests-in-batches.patch b/SOURCES/0035-BE-Send-refresh-requests-in-batches.patch deleted file mode 100644 index d15bd97..0000000 --- a/SOURCES/0035-BE-Send-refresh-requests-in-batches.patch +++ /dev/null 
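Review bot: In be_refresh.h of patch 0034, the prototype of be_refresh_acct_req() gains `uint32_t filter_type` with no comment saying which values are valid. The commit message names the two intended uses (by SID for AD users and groups, by name otherwise); a short doc comment on the declaration listing the expected BE_FILTER_* values would keep later callers from passing an unsupported filter.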
@@ -1,297 +0,0 @@ -From bf3f506d14cf89b9d1d1e3504524b231a6cef2b1 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 8 May 2019 23:16:07 +0200 -Subject: [PATCH 35/48] BE: Send refresh requests in batches - -As we extend the background refresh into larger domains, the amount of -data that SSSD refreshes on the background might be larger. And -refreshing all expired entries in a single request might block sssd_be -for a long time, either triggering the watchdog or starving other -legitimate requests. - -Therefore the background refresh will be done in batches of 200 entries. -The first batch of every type (up to 200 users, up to 200 groups, ...) -will be scheduled imediatelly and subsequent batches with a 0.5 second -delay. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 131 ++++++++++++++++++++++---- - src/tests/cmocka/test_expire_common.c | 6 +- - src/tests/sss_idmap-tests.c | 8 +- - src/util/util.h | 8 ++ - 4 files changed, 128 insertions(+), 25 deletions(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index c4ff71e1f..5d86509bb 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -204,8 +204,21 @@ struct be_refresh_state { - struct sss_domain_info *domain; - enum be_refresh_type index; - time_t period; -+ -+ char **refresh_values; -+ size_t refresh_val_size; -+ size_t refresh_index; -+ -+ size_t batch_size; -+ char **refresh_batch; - }; - -+static errno_t be_refresh_batch_step(struct tevent_req *req, -+ uint32_t msec_delay); -+static void be_refresh_batch_step_wakeup(struct tevent_context *ev, -+ struct tevent_timer *tt, -+ struct timeval tv, -+ void *pvt); - static errno_t be_refresh_step(struct tevent_req *req); - static void be_refresh_done(struct tevent_req *subreq); - -@@ -236,6 +249,13 @@ struct tevent_req *be_refresh_send(TALLOC_CTX *mem_ctx, - goto immediately; - } - -+ state->batch_size = 200; -+ state->refresh_batch = 
talloc_zero_array(state, char *, state->batch_size+1); -+ if (state->refresh_batch == NULL) { -+ ret = ENOMEM; -+ goto immediately; -+ } -+ - ret = be_refresh_step(req); - if (ret == EOK) { - goto immediately; -@@ -261,8 +281,6 @@ immediately: - static errno_t be_refresh_step(struct tevent_req *req) - { - struct be_refresh_state *state = NULL; -- struct tevent_req *subreq = NULL; -- char **values = NULL; - errno_t ret; - - state = tevent_req_data(req, struct be_refresh_state); -@@ -289,42 +307,103 @@ static errno_t be_refresh_step(struct tevent_req *req) - goto done; - } - -+ talloc_zfree(state->refresh_values); - ret = be_refresh_get_values(state, state->index, state->ctx->attr_name, -- state->domain, state->period, &values); -+ state->domain, state->period, -+ &state->refresh_values); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to obtain DN list [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - -- DEBUG(SSSDBG_TRACE_FUNC, "Refreshing %s in domain %s\n", -- state->cb->name, state->domain->name); -+ for (state->refresh_val_size = 0; -+ state->refresh_values[state->refresh_val_size] != NULL; -+ state->refresh_val_size++); -+ -+ DEBUG(SSSDBG_TRACE_FUNC, "Refreshing %zu %s in domain %s\n", -+ state->refresh_val_size, state->cb->name, state->domain->name); - -- subreq = state->cb->send_fn(state, state->ev, state->be_ctx, -- state->domain, values, state->cb->pvt); -- if (subreq == NULL) { -- ret = ENOMEM; -+ ret = be_refresh_batch_step(req, 0); -+ if (ret == EOK) { -+ state->index++; -+ continue; -+ } else if (ret != EAGAIN) { - goto done; - } -- -- /* make the list disappear with subreq */ -- talloc_steal(subreq, values); -- -- tevent_req_set_callback(subreq, be_refresh_done, req); -+ /* EAGAIN only, refreshing something.. 
*/ - - state->index++; -- ret = EAGAIN; - goto done; - } - - ret = EOK; - - done: -- if (ret != EOK && ret != EAGAIN) { -- talloc_free(values); -+ return ret; -+} -+ -+static errno_t be_refresh_batch_step(struct tevent_req *req, -+ uint32_t msec_delay) -+{ -+ struct be_refresh_state *state = tevent_req_data(req, struct be_refresh_state); -+ struct timeval tv; -+ struct tevent_timer *timeout = NULL; -+ -+ size_t remaining; -+ size_t batch_size; -+ -+ memset(state->refresh_batch, 0, sizeof(char *) * state->batch_size); -+ -+ if (state->refresh_index >= state->refresh_val_size) { -+ DEBUG(SSSDBG_FUNC_DATA, "The batch is done\n"); -+ state->refresh_index = 0; -+ return EOK; - } - -- return ret; -+ remaining = state->refresh_val_size - state->refresh_index; -+ batch_size = MIN(remaining, state->batch_size); -+ DEBUG(SSSDBG_FUNC_DATA, -+ "This batch will refresh %zu entries (so far %zu/%zu)\n", -+ batch_size, state->refresh_index, state->refresh_val_size); -+ -+ for (size_t i = 0; i < batch_size; i++) { -+ state->refresh_batch[i] = state->refresh_values[state->refresh_index]; -+ state->refresh_index++; -+ } -+ -+ tv = tevent_timeval_current_ofs(0, msec_delay * 1000); -+ timeout = tevent_add_timer(state->be_ctx->ev, req, tv, -+ be_refresh_batch_step_wakeup, req); -+ if (timeout == NULL) { -+ return ENOMEM; -+ } -+ -+ return EAGAIN; -+} -+ -+static void be_refresh_batch_step_wakeup(struct tevent_context *ev, -+ struct tevent_timer *tt, -+ struct timeval tv, -+ void *pvt) -+{ -+ struct tevent_req *req; -+ struct tevent_req *subreq = NULL; -+ struct be_refresh_state *state = NULL; -+ -+ req = talloc_get_type(pvt, struct tevent_req); -+ state = tevent_req_data(req, struct be_refresh_state); -+ -+ DEBUG(SSSDBG_TRACE_INTERNAL, "Issuing refresh\n"); -+ subreq = state->cb->send_fn(state, state->ev, state->be_ctx, -+ state->domain, -+ state->refresh_batch, -+ state->cb->pvt); -+ if (subreq == NULL) { -+ tevent_req_error(req, ENOMEM); -+ return; -+ } -+ 
tevent_req_set_callback(subreq, be_refresh_done, req); - } - - static void be_refresh_done(struct tevent_req *subreq) -@@ -342,8 +421,24 @@ static void be_refresh_done(struct tevent_req *subreq) - goto done; - } - -+ ret = be_refresh_batch_step(req, 500); -+ if (ret == EAGAIN) { -+ DEBUG(SSSDBG_TRACE_INTERNAL, -+ "Another batch in this step in progress\n"); -+ return; -+ } else if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "be_refresh_batch_step failed [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ goto done; -+ } -+ -+ DEBUG(SSSDBG_TRACE_INTERNAL, "All batches in this step refreshed\n"); -+ -+ /* Proceed to the next step */ - ret = be_refresh_step(req); - if (ret == EAGAIN) { -+ DEBUG(SSSDBG_TRACE_INTERNAL, "Another step in progress\n"); - return; - } - -diff --git a/src/tests/cmocka/test_expire_common.c b/src/tests/cmocka/test_expire_common.c -index 5d3ea02f3..4f6168190 100644 ---- a/src/tests/cmocka/test_expire_common.c -+++ b/src/tests/cmocka/test_expire_common.c -@@ -32,7 +32,7 @@ - #include "tests/common_check.h" - #include "tests/cmocka/test_expire_common.h" - --#define MAX 100 -+#define MAX_VAL 100 - - static char *now_str(TALLOC_CTX *mem_ctx, const char* format, int s) - { -@@ -41,10 +41,10 @@ static char *now_str(TALLOC_CTX *mem_ctx, const char* format, int s) - size_t len; - char *timestr; - -- timestr = talloc_array(mem_ctx, char, MAX); -+ timestr = talloc_array(mem_ctx, char, MAX_VAL); - - tm = gmtime(&t); -- len = strftime(timestr, MAX, format, tm); -+ len = strftime(timestr, MAX_VAL, format, tm); - if (len == 0) { - return NULL; - } -diff --git a/src/tests/sss_idmap-tests.c b/src/tests/sss_idmap-tests.c -index 96f0861ac..e5f3f7041 100644 ---- a/src/tests/sss_idmap-tests.c -+++ b/src/tests/sss_idmap-tests.c -@@ -140,8 +140,8 @@ void idmap_add_domain_with_sec_slices_setup_cb_fail(void) - } - - --#define MAX 1000 --char data[MAX]; -+#define DATA_MAX 1000 -+char data[DATA_MAX]; - - enum idmap_error_code cb2(const char *dom_name, - const char *dom_sid, 
-@@ -154,10 +154,10 @@ enum idmap_error_code cb2(const char *dom_name, - char *p = (char*)pvt; - size_t len; - -- len = snprintf(p, MAX, "%s, %s %s, %"PRIu32", %"PRIu32", %" PRIu32, -+ len = snprintf(p, DATA_MAX, "%s, %s %s, %"PRIu32", %"PRIu32", %" PRIu32, - dom_name, dom_sid, range_id, min_id, max_id, first_rid); - -- if (len >= MAX) { -+ if (len >= DATA_MAX) { - return IDMAP_OUT_OF_MEMORY; - } - return IDMAP_SUCCESS; -diff --git a/src/util/util.h b/src/util/util.h -index c5680d89a..13e434b62 100644 ---- a/src/util/util.h -+++ b/src/util/util.h -@@ -67,6 +67,14 @@ - #define NULL 0 - #endif - -+#ifndef MIN -+#define MIN(a, b) (((a) < (b)) ? (a) : (b)) -+#endif -+ -+#ifndef MAX -+#define MAX(a, b) (((a) > (b)) ? (a) : (b)) -+#endif -+ - #define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS - - #define SSSD_SERVER_OPTS(uid, gid) \ --- -2.20.1 - diff --git a/SOURCES/0036-BE-Extend-be_ptask_create-with-control-when-to-sched.patch b/SOURCES/0036-BE-Extend-be_ptask_create-with-control-when-to-sched.patch deleted file mode 100644 index dddaf8d..0000000 --- a/SOURCES/0036-BE-Extend-be_ptask_create-with-control-when-to-sched.patch +++ /dev/null 
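Review bot: In be_refresh.c of patch 0035, the batch size and the inter-batch delay are bare literals (`state->batch_size = 200;` in be_refresh_send() and `be_refresh_batch_step(req, 500)` in be_refresh_done()). Please give both named constants with a comment on the unit, since the delay is in milliseconds and is converted with `msec_delay * 1000`. Also, be_refresh_batch_step() arms its timer on `state->be_ctx->ev` while the wakeup handler passes `state->ev` to send_fn; using one event context consistently would make the code easier to follow.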
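Review bot: In the util.h hunk of patch 0035, adding generic MIN and MAX macros to a widely included header is what forces the unrelated renames in test_expire_common.c (MAX to MAX_VAL) and sss_idmap-tests.c (MAX to DATA_MAX). Only MIN is used by the new code shown, so consider dropping MAX here. Both macros evaluate their arguments twice, which deserves a note next to the definition so they are not called with expressions that have side effects.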
@@ -1,496 +0,0 @@ -From 25b9f34fb2c7ea493c5e0fe83047703ec65fe60c Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 18 Jun 2019 20:49:00 +0200 -Subject: [PATCH 36/48] BE: Extend be_ptask_create() with control when to - schedule next run after success - -Related: https://pagure.io/SSSD/sssd/issue/4012 - -be_ptask_create() used to always schedule the next periodical run -"period" seconds after the previous run started. This is great for tasks -that are short-lived like DNS updates because we know they will be -executed really with the configured period. - -But the background refresh task can potentially take a very long time in -which case the next run could have been scheduled almost immediately and -as a result sssd_be would always be quite busy. It is better to have the -option to schedule the next task period seconds after the last run has -finished. This can lead to some inconsistency, but we can warn the -admin about that. - -This patch so far does not change any of the existing calls to -be_ptask_create(), just adds BE_PTASK_SCHEDULE_FROM_LAST as an -additional parameter. 
- -Reviewed-by: Sumit Bose ---- - src/providers/ad/ad_dyndns.c | 3 +- - src/providers/ad/ad_machine_pw_renewal.c | 4 +- - src/providers/ad/ad_subdomains.c | 4 +- - src/providers/be_ptask.c | 10 ++-- - src/providers/be_ptask.h | 24 ++++++++- - src/providers/be_ptask_private.h | 1 + - src/providers/be_refresh.c | 4 +- - src/providers/ipa/ipa_dyndns.c | 5 +- - src/providers/ipa/ipa_subdomains.c | 4 +- - src/providers/ldap/ldap_id_enum.c | 1 + - src/providers/ldap/sdap_sudo_shared.c | 8 ++- - src/tests/cmocka/test_be_ptask.c | 62 ++++++++++++++++-------- - 12 files changed, 95 insertions(+), 35 deletions(-) - -diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c -index 52a4e4d53..02ea7f24b 100644 ---- a/src/providers/ad/ad_dyndns.c -+++ b/src/providers/ad/ad_dyndns.c -@@ -97,8 +97,9 @@ errno_t ad_dyndns_init(struct be_ctx *be_ctx, - "dyndns_refresh_interval is 0\n"); - return EINVAL; - } -+ - ret = be_ptask_create(ad_opts, be_ctx, period, ptask_first_delay, 0, 0, period, -- BE_PTASK_OFFLINE_DISABLE, 0, -+ BE_PTASK_OFFLINE_DISABLE, BE_PTASK_SCHEDULE_FROM_LAST, 0, - ad_dyndns_update_send, ad_dyndns_update_recv, ad_opts, - "Dyndns update", NULL); - -diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c -index 5b6ba26b7..47941dfbf 100644 ---- a/src/providers/ad/ad_machine_pw_renewal.c -+++ b/src/providers/ad/ad_machine_pw_renewal.c -@@ -382,7 +382,9 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx, - } - - ret = be_ptask_create(be_ctx, be_ctx, period, initial_delay, 0, 0, 60, -- BE_PTASK_OFFLINE_DISABLE, 0, -+ BE_PTASK_OFFLINE_DISABLE, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, - ad_machine_account_password_renewal_send, - ad_machine_account_password_renewal_recv, - renewal_data, -diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c -index c4ac23065..2510498da 100644 ---- a/src/providers/ad/ad_subdomains.c -+++ b/src/providers/ad/ad_subdomains.c -@@ -2066,7 
+2066,9 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx, - - period = be_ctx->domain->subdomain_refresh_interval; - ret = be_ptask_create(sd_ctx, be_ctx, period, 0, 0, 0, period, -- BE_PTASK_OFFLINE_DISABLE, 0, -+ BE_PTASK_OFFLINE_DISABLE, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, - ad_subdomains_ptask_send, ad_subdomains_ptask_recv, sd_ctx, - "Subdomains Refresh", NULL); - if (ret != EOK) { -diff --git a/src/providers/be_ptask.c b/src/providers/be_ptask.c -index c43351755..32d9a03ce 100644 ---- a/src/providers/be_ptask.c -+++ b/src/providers/be_ptask.c -@@ -30,11 +30,6 @@ - - #define backoff_allowed(ptask) (ptask->max_backoff != 0) - --enum be_ptask_schedule { -- BE_PTASK_SCHEDULE_FROM_NOW, -- BE_PTASK_SCHEDULE_FROM_LAST --}; -- - enum be_ptask_delay { - BE_PTASK_FIRST_DELAY, - BE_PTASK_ENABLED_DELAY, -@@ -182,7 +177,7 @@ static void be_ptask_done(struct tevent_req *req) - DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: finished successfully\n", - task->name); - -- be_ptask_schedule(task, BE_PTASK_PERIOD, BE_PTASK_SCHEDULE_FROM_LAST); -+ be_ptask_schedule(task, BE_PTASK_PERIOD, task->success_schedule_type); - break; - default: - DEBUG(SSSDBG_OP_FAILURE, "Task [%s]: failed with [%d]: %s\n", -@@ -268,6 +263,7 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - time_t random_offset, - time_t timeout, - enum be_ptask_offline offline, -+ enum be_ptask_schedule success_schedule_type, - time_t max_backoff, - be_ptask_send_t send_fn, - be_ptask_recv_t recv_fn, -@@ -300,6 +296,7 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - task->max_backoff = max_backoff; - task->timeout = timeout; - task->offline = offline; -+ task->success_schedule_type = success_schedule_type; - task->send_fn = send_fn; - task->recv_fn = recv_fn; - task->pvt = pvt; -@@ -470,6 +467,7 @@ errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, - - ret = be_ptask_create(mem_ctx, be_ctx, period, first_delay, - enabled_delay, random_offset, timeout, offline, -+ BE_PTASK_SCHEDULE_FROM_LAST, - max_backoff, be_ptask_sync_send, 
be_ptask_sync_recv, - ctx, name, _task); - if (ret != EOK) { -diff --git a/src/providers/be_ptask.h b/src/providers/be_ptask.h -index 3b9755361..c23278e88 100644 ---- a/src/providers/be_ptask.h -+++ b/src/providers/be_ptask.h -@@ -46,6 +46,19 @@ enum be_ptask_offline { - BE_PTASK_OFFLINE_EXECUTE - }; - -+/** -+ * Defines the starting point for scheduling a task -+ */ -+enum be_ptask_schedule { -+ /* Schedule starting from now, typically this is used when scheduling -+ * relative to the finish time -+ */ -+ BE_PTASK_SCHEDULE_FROM_NOW, -+ /* Schedule relative to the start time of the task -+ */ -+ BE_PTASK_SCHEDULE_FROM_LAST -+}; -+ - typedef struct tevent_req * - (*be_ptask_send_t)(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -@@ -75,6 +88,14 @@ typedef errno_t - * The first execution is scheduled first_delay seconds after the task is - * created. - * -+ * Subsequent runs will be scheduled depending on the value of the -+ * success_schedule_type parameter: -+ * - BE_PTASK_SCHEDULE_FROM_NOW: period seconds from the finish time -+ * - BE_PTASK_SCHEDULE_FROM_LAST: period seconds from the last start time -+ * -+ * If the test fails, another run is always scheduled period seconds -+ * from the finish time. -+ * - * If request does not complete in timeout seconds, it will be - * cancelled and rescheduled to 'now + period'. - * -@@ -83,7 +104,7 @@ typedef errno_t - * - * The random_offset is maximum number of seconds added to the - * expected delay. Set to 0 if no randomization is needed. -- -+ * - * If max_backoff is not 0 then the period is doubled - * every time the task is scheduled. The maximum value of - * period is max_backoff. 
The value of period will be reset to -@@ -100,6 +121,7 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - time_t random_offset, - time_t timeout, - enum be_ptask_offline offline, -+ enum be_ptask_schedule success_schedule_type, - time_t max_backoff, - be_ptask_send_t send_fn, - be_ptask_recv_t recv_fn, -diff --git a/src/providers/be_ptask_private.h b/src/providers/be_ptask_private.h -index 4144a3938..e89105f95 100644 ---- a/src/providers/be_ptask_private.h -+++ b/src/providers/be_ptask_private.h -@@ -32,6 +32,7 @@ struct be_ptask { - time_t timeout; - time_t max_backoff; - enum be_ptask_offline offline; -+ enum be_ptask_schedule success_schedule_type; - be_ptask_send_t send_fn; - be_ptask_recv_t recv_fn; - void *pvt; -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index 5d86509bb..50b023c3d 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -156,7 +156,9 @@ errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, - refresh_interval = be_ctx->domain->refresh_expired_interval; - if (refresh_interval > 0) { - ret = be_ptask_create(be_ctx, be_ctx, refresh_interval, 30, 5, 0, -- refresh_interval, BE_PTASK_OFFLINE_SKIP, 0, -+ refresh_interval, BE_PTASK_OFFLINE_SKIP, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, - be_refresh_send, be_refresh_recv, - ctx, "Refresh Records", NULL); - if (ret != EOK) { -diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c -index a692b0d19..8e8ff5a4f 100644 ---- a/src/providers/ipa/ipa_dyndns.c -+++ b/src/providers/ipa/ipa_dyndns.c -@@ -72,8 +72,11 @@ errno_t ipa_dyndns_init(struct be_ctx *be_ctx, - "dyndns_refresh_interval is 0\n"); - return EINVAL; - } -+ - ret = be_ptask_create(ctx, be_ctx, period, ptask_first_delay, 0, 0, period, -- BE_PTASK_OFFLINE_DISABLE, 0, -+ BE_PTASK_OFFLINE_DISABLE, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, - ipa_dyndns_update_send, ipa_dyndns_update_recv, ctx, - "Dyndns update", NULL); - if (ret != EOK) { -diff --git a/src/providers/ipa/ipa_subdomains.c 
b/src/providers/ipa/ipa_subdomains.c -index 94365aaca..3a17c851d 100644 ---- a/src/providers/ipa/ipa_subdomains.c -+++ b/src/providers/ipa/ipa_subdomains.c -@@ -3134,7 +3134,9 @@ errno_t ipa_subdomains_init(TALLOC_CTX *mem_ctx, - - period = be_ctx->domain->subdomain_refresh_interval; - ret = be_ptask_create(sd_ctx, be_ctx, period, ptask_first_delay, 0, 0, period, -- BE_PTASK_OFFLINE_DISABLE, 0, -+ BE_PTASK_OFFLINE_DISABLE, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, - ipa_subdomains_ptask_send, ipa_subdomains_ptask_recv, sd_ctx, - "Subdomains Refresh", NULL); - if (ret != EOK) { -diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c -index 8832eb558..062185c55 100644 ---- a/src/providers/ldap/ldap_id_enum.c -+++ b/src/providers/ldap/ldap_id_enum.c -@@ -99,6 +99,7 @@ errno_t ldap_setup_enumeration(struct be_ctx *be_ctx, - 0, /* random offset */ - period, /* timeout */ - BE_PTASK_OFFLINE_SKIP, -+ BE_PTASK_SCHEDULE_FROM_LAST, - 0, /* max_backoff */ - send_fn, recv_fn, - ectx, "enumeration", &sdom->enum_task); -diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c -index d2f24ed6e..a00d8e6a9 100644 ---- a/src/providers/ldap/sdap_sudo_shared.c -+++ b/src/providers/ldap/sdap_sudo_shared.c -@@ -90,7 +90,9 @@ sdap_sudo_ptask_setup_generic(struct be_ctx *be_ctx, - * when offline. */ - if (full > 0) { - ret = be_ptask_create(be_ctx, be_ctx, full, delay, 0, 0, full, -- BE_PTASK_OFFLINE_DISABLE, 0, -+ BE_PTASK_OFFLINE_DISABLE, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, - full_send_fn, full_recv_fn, pvt, - "SUDO Full Refresh", NULL); - if (ret != EOK) { -@@ -107,7 +109,9 @@ sdap_sudo_ptask_setup_generic(struct be_ctx *be_ctx, - * when offline. 
*/ - if (smart > 0) { - ret = be_ptask_create(be_ctx, be_ctx, smart, delay + smart, smart, 0, -- smart, BE_PTASK_OFFLINE_DISABLE, 0, -+ smart, BE_PTASK_OFFLINE_DISABLE, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, - smart_send_fn, smart_recv_fn, pvt, - "SUDO Smart Refresh", NULL); - if (ret != EOK) { -diff --git a/src/tests/cmocka/test_be_ptask.c b/src/tests/cmocka/test_be_ptask.c -index 356d9f9e2..03b1165bb 100644 ---- a/src/tests/cmocka/test_be_ptask.c -+++ b/src/tests/cmocka/test_be_ptask.c -@@ -304,7 +304,8 @@ void test_be_ptask_create_einval_be(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, NULL, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, NULL, "Test ptask", &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); -@@ -317,7 +318,8 @@ void test_be_ptask_create_einval_period(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, 0, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, NULL, "Test ptask", &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); -@@ -330,7 +332,8 @@ void test_be_ptask_create_einval_send(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, NULL, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, NULL, - test_be_ptask_recv, NULL, "Test ptask", &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); -@@ -343,7 +346,8 @@ void test_be_ptask_create_einval_recv(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - NULL, NULL, "Test ptask", &ptask); - assert_int_equal(ret, 
EINVAL); - assert_null(ptask); -@@ -356,7 +360,8 @@ void test_be_ptask_create_einval_name(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, NULL, NULL, &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); -@@ -371,7 +376,8 @@ void test_be_ptask_create_no_delay(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -398,7 +404,8 @@ void test_be_ptask_create_first_delay(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, DELAY, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -423,7 +430,8 @@ void test_be_ptask_disable(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -447,7 +455,8 @@ void test_be_ptask_enable(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", 
&ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -479,7 +488,8 @@ void test_be_ptask_enable_delay(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, DELAY, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -518,7 +528,8 @@ void test_be_ptask_offline_skip(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -551,7 +562,9 @@ void test_be_ptask_offline_disable(void **state) - will_return(be_add_offline_cb, test_ctx); - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_DISABLE, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_DISABLE, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -581,7 +594,9 @@ void test_be_ptask_offline_execute(void **state) - mark_offline(test_ctx); - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_EXECUTE, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_EXECUTE, -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -608,7 +623,8 @@ void test_be_ptask_reschedule_ok(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, 
BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -639,7 +655,8 @@ void test_be_ptask_reschedule_null(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_null_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_null_send, - test_be_ptask_recv, test_ctx, "Test ptask", - &ptask); - assert_int_equal(ret, ERR_OK); -@@ -666,7 +683,8 @@ void test_be_ptask_reschedule_error(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_error_recv, test_ctx, "Test ptask", - &ptask); - assert_int_equal(ret, ERR_OK); -@@ -693,7 +711,8 @@ void test_be_ptask_reschedule_timeout(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 1, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_timeout_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_timeout_send, - test_be_ptask_error_recv, test_ctx, "Test ptask", - &ptask); - assert_int_equal(ret, ERR_OK); -@@ -730,7 +749,8 @@ void test_be_ptask_reschedule_backoff(void **state) - - now_first = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, PERIOD*2, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ PERIOD*2, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -784,7 +804,8 @@ void test_be_ptask_get_period(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ 
BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -804,7 +825,8 @@ void test_be_ptask_get_timeout(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, TIMEOUT, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_send, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); --- -2.20.1 - diff --git a/SOURCES/0037-BE-Schedule-the-refresh-interval-from-the-finish-tim.patch b/SOURCES/0037-BE-Schedule-the-refresh-interval-from-the-finish-tim.patch deleted file mode 100644 index 664c6fe..0000000 --- a/SOURCES/0037-BE-Schedule-the-refresh-interval-from-the-finish-tim.patch +++ /dev/null 
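Review bot: Nothing in the src/tests/cmocka/test_be_ptask.c hunks exercises the new BE_PTASK_SCHEDULE_FROM_NOW value: every updated be_ptask_create() call, and every provider caller visible here (be_refresh.c, ipa_dyndns.c, ipa_subdomains.c, ldap_id_enum.c, sdap_sudo_shared.c), passes BE_PTASK_SCHEDULE_FROM_LAST. Please add a reschedule test that creates the task with BE_PTASK_SCHEDULE_FROM_NOW and asserts that the next run lands period seconds after the finish time, plus one for the failure case, which the new be_ptask.h comment says is always scheduled from the finish time. In that same comment, "If the test fails" presumably means the task or request and should say so.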
@@ -1,34 +0,0 @@ -From 6b068dec9ac5b2f22a9c20b5554a6e45af6dc8bb Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 19 Jun 2019 22:03:16 +0200 -Subject: [PATCH 37/48] BE: Schedule the refresh interval from the finish time - of the last run - -Related: https://pagure.io/SSSD/sssd/issue/4012 - -Changes scheduling the periodical task so that the next run is started -relative to the previous run finish time, not start time to protect -against cases where the refresh would take too long and run practically -all the time. - -Reviewed-by: Sumit Bose ---- - src/providers/be_refresh.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index 50b023c3d..a9d4295ec 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -157,7 +157,7 @@ errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, - if (refresh_interval > 0) { - ret = be_ptask_create(be_ctx, be_ctx, refresh_interval, 30, 5, 0, - refresh_interval, BE_PTASK_OFFLINE_SKIP, -- BE_PTASK_SCHEDULE_FROM_LAST, -+ BE_PTASK_SCHEDULE_FROM_NOW, - 0, - be_refresh_send, be_refresh_recv, - ctx, "Refresh Records", NULL); --- -2.20.1 - diff --git a/SOURCES/0038-AD-Implement-background-refresh-for-AD-domains.patch b/SOURCES/0038-AD-Implement-background-refresh-for-AD-domains.patch deleted file mode 100644 index 6a80ec6..0000000 --- a/SOURCES/0038-AD-Implement-background-refresh-for-AD-domains.patch +++ /dev/null 
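Review bot: Switching be_refresh_ctx_init() to BE_PTASK_SCHEDULE_FROM_NOW leaves the timeout argument at refresh_interval (the value passed just before BE_PTASK_OFFLINE_SKIP), so a slow run may last up to refresh_interval and the next one starts another refresh_interval after it finishes. The gap between two starts can therefore approach twice refresh_expired_interval. The commit message explains why finish-relative scheduling is wanted, but this consequence is not recorded anywhere in the change; please state it in a comment at the call site or in the documentation of refresh_expired_interval, and consider whether a timeout shorter than the period is more appropriate here.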
@@ -1,589 +0,0 @@ -From 10e3f8bddc8dd4799c0da68aebf09aa3435950f5 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 24 Apr 2019 20:52:11 +0200 -Subject: [PATCH 38/48] AD: Implement background refresh for AD domains - -Split out the actual useful functionality from the AD account handler -into a tevent request. This tevent request is then subsequently used by -a new ad_refresh module. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - Makefile.am | 5 +- - src/providers/ad/ad_common.h | 4 + - src/providers/ad/ad_id.c | 140 +++++++++++++---- - src/providers/ad/ad_id.h | 10 ++ - src/providers/ad/ad_init.c | 2 +- - src/providers/ad/ad_refresh.c | 283 ++++++++++++++++++++++++++++++++++ - 6 files changed, 412 insertions(+), 32 deletions(-) - create mode 100644 src/providers/ad/ad_refresh.c - -diff --git a/Makefile.am b/Makefile.am -index 043a7ebb4..f9f17904e 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -4502,7 +4502,10 @@ libsss_ad_la_SOURCES = \ - src/providers/ad/ad_gpo_ndr.c \ - src/providers/ad/ad_srv.c \ - src/providers/ad/ad_subdomains.c \ -- src/providers/ad/ad_domain_info.c -+ src/providers/ad/ad_domain_info.c \ -+ src/providers/ad/ad_refresh.c \ -+ $(NULL) -+ - - if BUILD_SUDO - libsss_ad_la_SOURCES += \ -diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h -index e224254e1..75f11de2e 100644 ---- a/src/providers/ad/ad_common.h -+++ b/src/providers/ad/ad_common.h -@@ -224,4 +224,8 @@ errno_t ad_inherit_opts_if_needed(struct dp_option *parent_opts, - struct confdb_ctx *cdb, - const char *subdom_conf_path, - int opt_id); -+ -+errno_t ad_refresh_init(struct be_ctx *be_ctx, -+ struct ad_id_ctx *id_ctx); -+ - #endif /* AD_COMMON_H_ */ -diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c -index c3bda1662..eb6e36824 100644 ---- a/src/providers/ad/ad_id.c -+++ b/src/providers/ad/ad_id.c -@@ -360,44 +360,36 @@ get_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, - return clist; - } - 
--struct ad_account_info_handler_state { -- struct sss_domain_info *domain; -- struct dp_reply_std reply; -+struct ad_account_info_state { -+ const char *err_msg; -+ int dp_error; - }; - --static void ad_account_info_handler_done(struct tevent_req *subreq); -+static void ad_account_info_done(struct tevent_req *subreq); - - struct tevent_req * --ad_account_info_handler_send(TALLOC_CTX *mem_ctx, -- struct ad_id_ctx *id_ctx, -- struct dp_id_data *data, -- struct dp_req_params *params) -+ad_account_info_send(TALLOC_CTX *mem_ctx, -+ struct be_ctx *be_ctx, -+ struct ad_id_ctx *id_ctx, -+ struct dp_id_data *data) - { -- struct ad_account_info_handler_state *state; -- struct sdap_id_conn_ctx **clist; -- struct sdap_id_ctx *sdap_id_ctx; -- struct sss_domain_info *domain; -+ struct sss_domain_info *domain = NULL; -+ struct ad_account_info_state *state = NULL; -+ struct tevent_req *req = NULL; -+ struct tevent_req *subreq = NULL; -+ struct sdap_id_conn_ctx **clist = NULL; -+ struct sdap_id_ctx *sdap_id_ctx = NULL; - struct sdap_domain *sdom; -- struct tevent_req *subreq; -- struct tevent_req *req; -- struct be_ctx *be_ctx; - errno_t ret; - -- sdap_id_ctx = id_ctx->sdap_id_ctx; -- be_ctx = params->be_ctx; -- - req = tevent_req_create(mem_ctx, &state, -- struct ad_account_info_handler_state); -+ struct ad_account_info_state); - if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); - return NULL; - } - -- if (sdap_is_enum_request(data)) { -- DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n"); -- ret = EOK; -- goto immediately; -- } -+ sdap_id_ctx = id_ctx->sdap_id_ctx; - - domain = be_ctx->domain; - if (strcasecmp(data->domain, be_ctx->domain->name) != 0) { -@@ -406,6 +398,7 @@ ad_account_info_handler_send(TALLOC_CTX *mem_ctx, - } - - if (domain == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown domain\n"); - ret = EINVAL; - goto immediately; - } -@@ -413,6 +406,7 @@ ad_account_info_handler_send(TALLOC_CTX *mem_ctx, - /* Determine whether to 
connect to GC, LDAP or try both. */ - clist = get_conn_list(state, id_ctx, domain, data); - if (clist == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create conn list\n"); - ret = EIO; - goto immediately; - } -@@ -423,14 +417,100 @@ ad_account_info_handler_send(TALLOC_CTX *mem_ctx, - goto immediately; - } - -- state->domain = sdom->dom; -- - subreq = ad_handle_acct_info_send(state, data, sdap_id_ctx, - id_ctx->ad_options, sdom, clist); - if (subreq == NULL) { - ret = ENOMEM; - goto immediately; - } -+ tevent_req_set_callback(subreq, ad_account_info_done, req); -+ return req; -+ -+immediately: -+ tevent_req_error(req, ret); -+ tevent_req_post(req, be_ctx->ev); -+ return req; -+} -+ -+static void ad_account_info_done(struct tevent_req *subreq) -+{ -+ struct ad_account_info_state *state = NULL; -+ struct tevent_req *req = NULL; -+ errno_t ret; -+ -+ req = tevent_req_callback_data(subreq, struct tevent_req); -+ state = tevent_req_data(req, struct ad_account_info_state); -+ -+ ret = ad_handle_acct_info_recv(subreq, &state->dp_error, &state->err_msg); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "ad_handle_acct_info_recv failed [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ /* The caller wouldn't fail either, just report the error up */ -+ } -+ talloc_zfree(subreq); -+ tevent_req_done(req); -+} -+ -+errno_t ad_account_info_recv(struct tevent_req *req, -+ int *_dp_error, -+ const char **_err_msg) -+{ -+ struct ad_account_info_state *state = NULL; -+ -+ state = tevent_req_data(req, struct ad_account_info_state); -+ -+ if (_err_msg != NULL) { -+ *_err_msg = state->err_msg; -+ } -+ -+ if (_dp_error) { -+ *_dp_error = state->dp_error; -+ } -+ -+ -+ TEVENT_REQ_RETURN_ON_ERROR(req); -+ -+ return EOK; -+} -+ -+struct ad_account_info_handler_state { -+ struct sss_domain_info *domain; -+ struct dp_reply_std reply; -+}; -+ -+static void ad_account_info_handler_done(struct tevent_req *subreq); -+ -+struct tevent_req * -+ad_account_info_handler_send(TALLOC_CTX *mem_ctx, -+ 
struct ad_id_ctx *id_ctx, -+ struct dp_id_data *data, -+ struct dp_req_params *params) -+{ -+ struct ad_account_info_handler_state *state; -+ struct tevent_req *subreq; -+ struct tevent_req *req; -+ errno_t ret; -+ -+ -+ req = tevent_req_create(mem_ctx, &state, -+ struct ad_account_info_handler_state); -+ if (req == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); -+ return NULL; -+ } -+ -+ if (sdap_is_enum_request(data)) { -+ DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n"); -+ ret = EOK; -+ goto immediately; -+ } -+ -+ subreq = ad_account_info_send(state, params->be_ctx, id_ctx, data); -+ if (subreq == NULL) { -+ ret = ENOMEM; -+ goto immediately; -+ } - - tevent_req_set_callback(subreq, ad_account_info_handler_done, req); - -@@ -451,13 +531,13 @@ static void ad_account_info_handler_done(struct tevent_req *subreq) - struct ad_account_info_handler_state *state; - struct tevent_req *req; - const char *err_msg; -- int dp_error; -+ int dp_error = DP_ERR_FATAL; - errno_t ret; - - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct ad_account_info_handler_state); - -- ret = ad_handle_acct_info_recv(subreq, &dp_error, &err_msg); -+ ret = ad_account_info_recv(subreq, &dp_error, &err_msg); - talloc_zfree(subreq); - - /* TODO For backward compatibility we always return EOK to DP now. 
*/ -@@ -466,8 +546,8 @@ static void ad_account_info_handler_done(struct tevent_req *subreq) - } - - errno_t ad_account_info_handler_recv(TALLOC_CTX *mem_ctx, -- struct tevent_req *req, -- struct dp_reply_std *data) -+ struct tevent_req *req, -+ struct dp_reply_std *data) - { - struct ad_account_info_handler_state *state = NULL; - -diff --git a/src/providers/ad/ad_id.h b/src/providers/ad/ad_id.h -index 5154393c5..19cc54eec 100644 ---- a/src/providers/ad/ad_id.h -+++ b/src/providers/ad/ad_id.h -@@ -33,6 +33,16 @@ errno_t ad_account_info_handler_recv(TALLOC_CTX *mem_ctx, - struct tevent_req *req, - struct dp_reply_std *data); - -+struct tevent_req * -+ad_account_info_send(TALLOC_CTX *mem_ctx, -+ struct be_ctx *be_ctx, -+ struct ad_id_ctx *id_ctx, -+ struct dp_id_data *data); -+ -+errno_t ad_account_info_recv(struct tevent_req *req, -+ int *_dp_error, -+ const char **_err_msg); -+ - struct tevent_req * - ad_handle_acct_info_send(TALLOC_CTX *mem_ctx, - struct dp_id_data *ar, -diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c -index b8ebaea2f..42c17de00 100644 ---- a/src/providers/ad/ad_init.c -+++ b/src/providers/ad/ad_init.c -@@ -408,7 +408,7 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx, - return ret; - } - -- ret = sdap_refresh_init(be_ctx, sdap_id_ctx); -+ ret = ad_refresh_init(be_ctx, ad_id_ctx); - if (ret != EOK && ret != EEXIST) { - DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh " - "will not work [%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/ad/ad_refresh.c b/src/providers/ad/ad_refresh.c -new file mode 100644 -index 000000000..ee541056f ---- /dev/null -+++ b/src/providers/ad/ad_refresh.c -@@ -0,0 +1,283 @@ -+/* -+ Copyright (C) 2019 Red Hat -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. 
-+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . -+*/ -+ -+#include -+#include -+ -+#include "providers/ad/ad_common.h" -+#include "providers/ad/ad_id.h" -+ -+struct ad_refresh_state { -+ struct tevent_context *ev; -+ struct be_ctx *be_ctx; -+ struct dp_id_data *account_req; -+ struct ad_id_ctx *id_ctx; -+ char **names; -+ size_t index; -+}; -+ -+static errno_t ad_refresh_step(struct tevent_req *req); -+static void ad_refresh_done(struct tevent_req *subreq); -+ -+static struct tevent_req *ad_refresh_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ int entry_type, -+ char **names, -+ void *pvt) -+{ -+ struct ad_refresh_state *state = NULL; -+ struct tevent_req *req = NULL; -+ errno_t ret; -+ uint32_t filter_type; -+ -+ req = tevent_req_create(mem_ctx, &state, -+ struct ad_refresh_state); -+ if (req == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); -+ return NULL; -+ } -+ -+ if (names == NULL) { -+ ret = EOK; -+ goto immediately; -+ } -+ -+ state->ev = ev; -+ state->be_ctx = be_ctx; -+ state->id_ctx = talloc_get_type(pvt, struct ad_id_ctx); -+ state->names = names; -+ state->index = 0; -+ -+ switch (entry_type) { -+ case BE_REQ_NETGROUP: -+ filter_type = BE_FILTER_NAME; -+ break; -+ case BE_REQ_USER: -+ case BE_REQ_GROUP: -+ filter_type = BE_FILTER_SECID; -+ break; -+ default: -+ ret = EINVAL; -+ goto immediately; -+ } -+ -+ state->account_req = be_refresh_acct_req(state, entry_type, -+ filter_type, domain); -+ if (state->account_req == NULL) { -+ ret = ENOMEM; -+ goto immediately; -+ } -+ -+ ret = ad_refresh_step(req); -+ if (ret == EOK) { -+ 
DEBUG(SSSDBG_TRACE_FUNC, "Nothing to refresh\n"); -+ goto immediately; -+ } else if (ret != EAGAIN) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "ad_refresh_step() failed " -+ "[%d]: %s\n", ret, sss_strerror(ret)); -+ goto immediately; -+ } -+ -+ return req; -+ -+immediately: -+ if (ret == EOK) { -+ tevent_req_done(req); -+ } else { -+ tevent_req_error(req, ret); -+ } -+ tevent_req_post(req, ev); -+ -+ return req; -+} -+ -+static errno_t ad_refresh_step(struct tevent_req *req) -+{ -+ struct ad_refresh_state *state = NULL; -+ struct tevent_req *subreq = NULL; -+ errno_t ret; -+ -+ state = tevent_req_data(req, struct ad_refresh_state); -+ -+ if (state->names == NULL) { -+ ret = EOK; -+ goto done; -+ } -+ -+ state->account_req->filter_value = state->names[state->index]; -+ if (state->account_req->filter_value == NULL) { -+ ret = EOK; -+ goto done; -+ } -+ -+ DEBUG(SSSDBG_TRACE_FUNC, "Issuing refresh of %s %s\n", -+ be_req2str(state->account_req->entry_type), -+ state->account_req->filter_value); -+ -+ subreq = ad_account_info_send(state, state->be_ctx, state->id_ctx, -+ state->account_req); -+ if (subreq == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ tevent_req_set_callback(subreq, ad_refresh_done, req); -+ -+ state->index++; -+ ret = EAGAIN; -+ -+done: -+ return ret; -+} -+ -+static void ad_refresh_done(struct tevent_req *subreq) -+{ -+ struct ad_refresh_state *state = NULL; -+ struct tevent_req *req = NULL; -+ const char *err_msg = NULL; -+ errno_t dp_error; -+ errno_t ret; -+ -+ req = tevent_req_callback_data(subreq, struct tevent_req); -+ state = tevent_req_data(req, struct ad_refresh_state); -+ -+ ret = ad_account_info_recv(subreq, &dp_error, &err_msg); -+ talloc_zfree(subreq); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to refresh %s [dp_error: %d, " -+ "errno: %d]: %s\n", be_req2str(state->account_req->entry_type), -+ dp_error, ret, err_msg); -+ goto done; -+ } -+ -+ ret = ad_refresh_step(req); -+ if (ret == EAGAIN) { -+ return; -+ } -+ -+done: -+ if 
(ret != EOK) { -+ tevent_req_error(req, ret); -+ return; -+ } -+ -+ tevent_req_done(req); -+} -+ -+static errno_t ad_refresh_recv(struct tevent_req *req) -+{ -+ TEVENT_REQ_RETURN_ON_ERROR(req); -+ -+ return EOK; -+} -+ -+static struct tevent_req * -+ad_refresh_users_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ -+ return ad_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_USER, names, pvt); -+} -+ -+static errno_t ad_refresh_users_recv(struct tevent_req *req) -+{ -+ return ad_refresh_recv(req); -+} -+ -+static struct tevent_req * -+ad_refresh_groups_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ -+ return ad_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_GROUP, names, pvt); -+} -+ -+static errno_t ad_refresh_groups_recv(struct tevent_req *req) -+{ -+ return ad_refresh_recv(req); -+} -+ -+static struct tevent_req * -+ad_refresh_netgroups_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ -+ return ad_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_NETGROUP, names, pvt); -+} -+ -+static errno_t ad_refresh_netgroups_recv(struct tevent_req *req) -+{ -+ return ad_refresh_recv(req); -+} -+ -+errno_t ad_refresh_init(struct be_ctx *be_ctx, -+ struct ad_id_ctx *id_ctx) -+{ -+ errno_t ret; -+ -+ ret = be_refresh_ctx_init(be_ctx, SYSDB_SID_STR); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); -+ return ret; -+ } -+ -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_USERS, -+ ad_refresh_users_send, -+ ad_refresh_users_recv, -+ id_ctx); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ ret = 
be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_GROUPS, -+ ad_refresh_groups_send, -+ ad_refresh_groups_recv, -+ id_ctx); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of groups " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_NETGROUPS, -+ ad_refresh_netgroups_send, -+ ad_refresh_netgroups_recv, -+ id_ctx); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of netgroups " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ return ret; -+} --- -2.20.1 - diff --git a/SOURCES/0039-IPA-Implement-background-refresh-for-IPA-domains.patch b/SOURCES/0039-IPA-Implement-background-refresh-for-IPA-domains.patch deleted file mode 100644 index 1dfa06b..0000000 --- a/SOURCES/0039-IPA-Implement-background-refresh-for-IPA-domains.patch +++ /dev/null 
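Review bot: On the "immediately:" path of ad_account_info_send() in src/providers/ad/ad_id.c, state->dp_error and state->err_msg are never set, yet ad_account_info_recv() copies both to the caller before TEVENT_REQ_RETURN_ON_ERROR. That unconditionally overwrites the new "int dp_error = DP_ERR_FATAL;" initializer in ad_account_info_handler_done(), so the initializer has no effect. Because ad_account_info_done() always finishes with tevent_req_done(), the immediate path is the only one on which the recv function returns an error, which makes this the case that matters. Set state->dp_error = DP_ERR_FATAL and an err_msg before tevent_req_error() on that path, or have ad_account_info_recv() leave the output parameters untouched when the request failed.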
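Review bot: ad_refresh_init() in the new src/providers/ad/ad_refresh.c returns only the result of the last be_refresh_add_cb() call (netgroups), so a failure to register the users or groups callback is logged and then overwritten, and an EEXIST from the last call is handed back unchanged. Either return EOK explicitly after the three registrations, since each failure is treated as non-fatal, or keep the first real error in a separate variable. The three messages also use strerror(ret) where the rest of the patch uses sss_strerror(ret). In ad_refresh_done(), the error branch prints err_msg with "%s"; err_msg is NULL when ad_account_info_send() failed immediately, so print sss_strerror(ret) there or guard the pointer.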
@@ -1,547 +0,0 @@ -From 3847082fe85520ab86cefcf78d9ffe6c6df0a04f Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 8 May 2019 14:39:23 +0200 -Subject: [PATCH 39/48] IPA: Implement background refresh for IPA domains - -Split out the actual useful functionality from the IPA account lookup -handler into a tevent request. This tevent request is then used in a new -ipa_refresh module. - -Related: -https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - Makefile.am | 1 + - src/providers/ipa/ipa_common.h | 3 + - src/providers/ipa/ipa_id.c | 140 +++++++++++++---- - src/providers/ipa/ipa_id.h | 8 + - src/providers/ipa/ipa_init.c | 2 +- - src/providers/ipa/ipa_refresh.c | 264 ++++++++++++++++++++++++++++++++ - 6 files changed, 386 insertions(+), 32 deletions(-) - create mode 100644 src/providers/ipa/ipa_refresh.c - -diff --git a/Makefile.am b/Makefile.am -index f9f17904e..cbd6bbfdb 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -4430,6 +4430,7 @@ libsss_ipa_la_SOURCES = \ - src/providers/ipa/ipa_srv.c \ - src/providers/ipa/ipa_idmap.c \ - src/providers/ipa/ipa_dn.c \ -+ src/providers/ipa/ipa_refresh.c \ - src/providers/ad/ad_opts.c \ - src/providers/ad/ad_common.c \ - src/providers/ad/ad_dyndns.c \ -diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h -index 31e671eb5..6bb1739ef 100644 ---- a/src/providers/ipa/ipa_common.h -+++ b/src/providers/ipa/ipa_common.h -@@ -301,4 +301,7 @@ errno_t ipa_get_host_attrs(struct dp_option *ipa_options, - struct sysdb_attrs **hosts, - struct sysdb_attrs **_ipa_host); - -+errno_t ipa_refresh_init(struct be_ctx *be_ctx, -+ struct ipa_id_ctx *id_ctx); -+ - #endif /* _IPA_COMMON_H_ */ -diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c -index e644af5ff..9abee34cb 100644 ---- a/src/providers/ipa/ipa_id.c -+++ b/src/providers/ipa/ipa_id.c -@@ -1344,43 +1344,39 @@ ipa_decide_account_info_type(struct dp_id_data *data, struct be_ctx *be_ctx) - return IPA_ACCOUNT_INFO_OTHER; - } - 
--struct ipa_account_info_handler_state { -+struct ipa_account_info_state { - enum ipa_account_info_type type; -- struct dp_reply_std reply; -+ -+ const char *err_msg; -+ int dp_error; - }; - --static void ipa_account_info_handler_done(struct tevent_req *subreq); -+static void ipa_account_info_done(struct tevent_req *subreq); - - struct tevent_req * --ipa_account_info_handler_send(TALLOC_CTX *mem_ctx, -- struct ipa_id_ctx *id_ctx, -- struct dp_id_data *data, -- struct dp_req_params *params) -+ipa_account_info_send(TALLOC_CTX *mem_ctx, -+ struct be_ctx *be_ctx, -+ struct ipa_id_ctx *id_ctx, -+ struct dp_id_data *data) - { -- struct ipa_account_info_handler_state *state; -+ struct ipa_account_info_state *state = NULL; -+ struct tevent_req *req = NULL; - struct tevent_req *subreq = NULL; -- struct tevent_req *req; - errno_t ret; - - req = tevent_req_create(mem_ctx, &state, -- struct ipa_account_info_handler_state); -+ struct ipa_account_info_state); - if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); - return NULL; - } - -- state->type = ipa_decide_account_info_type(data, params->be_ctx); -- -- if (sdap_is_enum_request(data)) { -- DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n"); -- ret = EOK; -- goto immediately; -- } -+ state->type = ipa_decide_account_info_type(data, be_ctx); - - switch (state->type) { - case IPA_ACCOUNT_INFO_SUBDOMAIN: - /* Subdomain lookups are handled differently on server and client. 
*/ -- subreq = ipa_subdomain_account_send(state, params->ev, id_ctx, data); -+ subreq = ipa_subdomain_account_send(state, be_ctx->ev, id_ctx, data); - break; - case IPA_ACCOUNT_INFO_NETGROUP: - if (data->filter_type != BE_FILTER_NAME) { -@@ -1388,11 +1384,11 @@ ipa_account_info_handler_send(TALLOC_CTX *mem_ctx, - goto immediately; - } - -- subreq = ipa_id_get_netgroup_send(state, params->ev, id_ctx, -+ subreq = ipa_id_get_netgroup_send(state, be_ctx->ev, id_ctx, - data->filter_value); - break; - case IPA_ACCOUNT_INFO_OTHER: -- subreq = ipa_id_get_account_info_send(state, params->ev, id_ctx, data); -+ subreq = ipa_id_get_account_info_send(state, be_ctx->ev, id_ctx, data); - break; - } - -@@ -1400,7 +1396,99 @@ ipa_account_info_handler_send(TALLOC_CTX *mem_ctx, - ret = ENOMEM; - goto immediately; - } -+ tevent_req_set_callback(subreq, ipa_account_info_done, req); -+ return req; -+ -+immediately: -+ tevent_req_error(req, ret); -+ tevent_req_post(req, be_ctx->ev); -+ return req; -+} -+ -+static void ipa_account_info_done(struct tevent_req *subreq) -+{ -+ struct ipa_account_info_state *state = NULL; -+ struct tevent_req *req = NULL; -+ errno_t ret; -+ -+ req = tevent_req_callback_data(subreq, struct tevent_req); -+ state = tevent_req_data(req, struct ipa_account_info_state); -+ -+ switch (state->type) { -+ case IPA_ACCOUNT_INFO_SUBDOMAIN: -+ ret = ipa_subdomain_account_recv(subreq, &state->dp_error); -+ break; -+ case IPA_ACCOUNT_INFO_NETGROUP: -+ ret = ipa_id_get_netgroup_recv(subreq, &state->dp_error); -+ break; -+ case IPA_ACCOUNT_INFO_OTHER: -+ ret = ipa_id_get_account_info_recv(subreq, &state->dp_error); -+ break; -+ default: -+ ret = EINVAL; -+ break; -+ } -+ talloc_zfree(subreq); -+ -+ if (ret != EOK) { -+ tevent_req_error(req, ret); -+ return; -+ } -+ -+ tevent_req_done(req); -+} - -+errno_t ipa_account_info_recv(struct tevent_req *req, -+ int *_dp_error) -+{ -+ struct ipa_account_info_state *state = NULL; -+ -+ state = tevent_req_data(req, struct 
ipa_account_info_state); -+ -+ /* Fail the request after collecting the dp_error */ -+ if (_dp_error) { -+ *_dp_error = state->dp_error; -+ } -+ -+ TEVENT_REQ_RETURN_ON_ERROR(req); -+ return EOK; -+} -+ -+struct ipa_account_info_handler_state { -+ struct dp_reply_std reply; -+}; -+ -+static void ipa_account_info_handler_done(struct tevent_req *subreq); -+ -+struct tevent_req * -+ipa_account_info_handler_send(TALLOC_CTX *mem_ctx, -+ struct ipa_id_ctx *id_ctx, -+ struct dp_id_data *data, -+ struct dp_req_params *params) -+{ -+ struct ipa_account_info_handler_state *state; -+ struct tevent_req *subreq = NULL; -+ struct tevent_req *req; -+ errno_t ret; -+ -+ req = tevent_req_create(mem_ctx, &state, -+ struct ipa_account_info_handler_state); -+ if (req == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); -+ return NULL; -+ } -+ -+ if (sdap_is_enum_request(data)) { -+ DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n"); -+ ret = EOK; -+ goto immediately; -+ } -+ -+ subreq = ipa_account_info_send(state, params->be_ctx, id_ctx, data); -+ if (subreq == NULL) { -+ ret = ENOMEM; -+ goto immediately; -+ } - tevent_req_set_callback(subreq, ipa_account_info_handler_done, req); - - return req; -@@ -1425,17 +1513,7 @@ static void ipa_account_info_handler_done(struct tevent_req *subreq) - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct ipa_account_info_handler_state); - -- switch (state->type) { -- case IPA_ACCOUNT_INFO_SUBDOMAIN: -- ret = ipa_subdomain_account_recv(subreq, &dp_error); -- break; -- case IPA_ACCOUNT_INFO_NETGROUP: -- ret = ipa_id_get_netgroup_recv(subreq, &dp_error); -- break; -- case IPA_ACCOUNT_INFO_OTHER: -- ret = ipa_id_get_account_info_recv(subreq, &dp_error); -- break; -- } -+ ret = ipa_account_info_recv(subreq, &dp_error); - talloc_zfree(subreq); - - /* TODO For backward compatibility we always return EOK to DP now. 
*/ -diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h -index 4b2549882..fe9acfeef 100644 ---- a/src/providers/ipa/ipa_id.h -+++ b/src/providers/ipa/ipa_id.h -@@ -33,6 +33,14 @@ - - #define IPA_DEFAULT_VIEW_NAME "Default Trust View" - -+struct tevent_req * -+ipa_account_info_send(TALLOC_CTX *mem_ctx, -+ struct be_ctx *be_ctx, -+ struct ipa_id_ctx *id_ctx, -+ struct dp_id_data *data); -+errno_t ipa_account_info_recv(struct tevent_req *req, -+ int *_dp_error); -+ - struct tevent_req * - ipa_account_info_handler_send(TALLOC_CTX *mem_ctx, - struct ipa_id_ctx *id_ctx, -diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c -index b3060e228..cdfd11d7a 100644 ---- a/src/providers/ipa/ipa_init.c -+++ b/src/providers/ipa/ipa_init.c -@@ -594,7 +594,7 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx, - } - } - -- ret = sdap_refresh_init(be_ctx, sdap_id_ctx); -+ ret = ipa_refresh_init(be_ctx, ipa_id_ctx); - if (ret != EOK && ret != EEXIST) { - DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh " - "will not work [%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/ipa/ipa_refresh.c b/src/providers/ipa/ipa_refresh.c -new file mode 100644 -index 000000000..72051cfdd ---- /dev/null -+++ b/src/providers/ipa/ipa_refresh.c -@@ -0,0 +1,264 @@ -+/* -+ Copyright (C) 2019 Red Hat -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . 
-+*/ -+ -+#include -+#include -+ -+#include "providers/ipa/ipa_common.h" -+#include "providers/ipa/ipa_id.h" -+ -+struct ipa_refresh_state { -+ struct tevent_context *ev; -+ struct be_ctx *be_ctx; -+ struct dp_id_data *account_req; -+ struct ipa_id_ctx *id_ctx; -+ char **names; -+ size_t index; -+}; -+ -+static errno_t ipa_refresh_step(struct tevent_req *req); -+static void ipa_refresh_done(struct tevent_req *subreq); -+ -+static struct tevent_req *ipa_refresh_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ int entry_type, -+ char **names, -+ void *pvt) -+{ -+ struct ipa_refresh_state *state = NULL; -+ struct tevent_req *req = NULL; -+ errno_t ret; -+ -+ req = tevent_req_create(mem_ctx, &state, -+ struct ipa_refresh_state); -+ if (req == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); -+ return NULL; -+ } -+ -+ if (names == NULL) { -+ ret = EOK; -+ goto immediately; -+ } -+ -+ state->ev = ev; -+ state->be_ctx = be_ctx; -+ state->id_ctx = talloc_get_type(pvt, struct ipa_id_ctx); -+ state->names = names; -+ state->index = 0; -+ -+ state->account_req = be_refresh_acct_req(state, entry_type, -+ BE_FILTER_NAME, domain); -+ if (state->account_req == NULL) { -+ ret = ENOMEM; -+ goto immediately; -+ } -+ -+ ret = ipa_refresh_step(req); -+ if (ret == EOK) { -+ DEBUG(SSSDBG_TRACE_FUNC, "Nothing to refresh\n"); -+ goto immediately; -+ } else if (ret != EAGAIN) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "ipa_refresh_step() failed " -+ "[%d]: %s\n", ret, sss_strerror(ret)); -+ goto immediately; -+ } -+ -+ return req; -+ -+immediately: -+ if (ret == EOK) { -+ tevent_req_done(req); -+ } else { -+ tevent_req_error(req, ret); -+ } -+ tevent_req_post(req, ev); -+ -+ return req; -+} -+ -+static errno_t ipa_refresh_step(struct tevent_req *req) -+{ -+ struct ipa_refresh_state *state = NULL; -+ struct tevent_req *subreq = NULL; -+ errno_t ret; -+ -+ state = tevent_req_data(req, struct ipa_refresh_state); 
-+ -+ if (state->names == NULL) { -+ ret = EOK; -+ goto done; -+ } -+ -+ state->account_req->filter_value = state->names[state->index]; -+ if (state->account_req->filter_value == NULL) { -+ ret = EOK; -+ goto done; -+ } -+ -+ subreq = ipa_account_info_send(state, state->be_ctx, state->id_ctx, -+ state->account_req); -+ if (subreq == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ tevent_req_set_callback(subreq, ipa_refresh_done, req); -+ -+ state->index++; -+ ret = EAGAIN; -+ -+done: -+ return ret; -+} -+ -+static void ipa_refresh_done(struct tevent_req *subreq) -+{ -+ struct ipa_refresh_state *state = NULL; -+ struct tevent_req *req = NULL; -+ errno_t dp_error; -+ errno_t ret; -+ -+ req = tevent_req_callback_data(subreq, struct tevent_req); -+ state = tevent_req_data(req, struct ipa_refresh_state); -+ -+ ret = ipa_account_info_recv(subreq, &dp_error); -+ talloc_zfree(subreq); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to refresh %s [dp_error: %d, " -+ "errno: %d]\n", be_req2str(state->account_req->entry_type), -+ dp_error, ret); -+ goto done; -+ } -+ -+ ret = ipa_refresh_step(req); -+ if (ret == EAGAIN) { -+ return; -+ } -+ -+done: -+ if (ret != EOK) { -+ tevent_req_error(req, ret); -+ return; -+ } -+ -+ tevent_req_done(req); -+} -+ -+static errno_t ipa_refresh_recv(struct tevent_req *req) -+{ -+ TEVENT_REQ_RETURN_ON_ERROR(req); -+ -+ return EOK; -+} -+ -+static struct tevent_req * -+ipa_refresh_users_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ -+ return ipa_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_USER, names, pvt); -+} -+ -+static errno_t ipa_refresh_users_recv(struct tevent_req *req) -+{ -+ return ipa_refresh_recv(req); -+} -+ -+static struct tevent_req * -+ipa_refresh_groups_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ 
-+ return ipa_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_GROUP, names, pvt); -+} -+ -+static errno_t ipa_refresh_groups_recv(struct tevent_req *req) -+{ -+ return ipa_refresh_recv(req); -+} -+ -+static struct tevent_req * -+ipa_refresh_netgroups_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ -+ return ipa_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_NETGROUP, names, pvt); -+} -+ -+static errno_t ipa_refresh_netgroups_recv(struct tevent_req *req) -+{ -+ return ipa_refresh_recv(req); -+} -+ -+errno_t ipa_refresh_init(struct be_ctx *be_ctx, -+ struct ipa_id_ctx *id_ctx) -+{ -+ errno_t ret; -+ -+ ret = be_refresh_ctx_init(be_ctx, SYSDB_NAME); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); -+ return ENOMEM; -+ } -+ -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_USERS, -+ ipa_refresh_users_send, -+ ipa_refresh_users_recv, -+ id_ctx); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_GROUPS, -+ ipa_refresh_groups_send, -+ ipa_refresh_groups_recv, -+ id_ctx); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of groups " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_NETGROUPS, -+ ipa_refresh_netgroups_send, -+ ipa_refresh_netgroups_recv, -+ id_ctx); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of netgroups " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ return ret; -+} --- -2.20.1 - 
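Review bot: In ipa_refresh_init() (new file src/providers/ipa/ipa_refresh.c) a failed be_refresh_ctx_init() is reported as ENOMEM whatever ret actually was, and the function ends with `return ret;`, which is only the status of the last be_refresh_add_cb() call (netgroups). A failure registering users or groups is therefore lost, while a netgroups failure is returned even though it was logged as minor. Suggest returning ret from the first check and returning EOK at the end once the per-type failures have been logged. The three DEBUG calls also use strerror() where the caller in ipa_init_misc() uses sss_strerror(); using sss_strerror() here as well keeps SSSD-specific error codes readable in the log.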
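Review bot: struct ipa_account_info_state in src/providers/ipa/ipa_id.c gains a `const char *err_msg` member that none of the added functions (ipa_account_info_send, ipa_account_info_done, ipa_account_info_recv) sets or reads; drop it, or return it through ipa_account_info_recv() if a caller is meant to use it. In the same hunk the `immediately:` label of ipa_account_info_send() calls tevent_req_error(req, ret) unconditionally. That is fine for the ENOMEM path shown, but tevent_req_error() does not finish a request when the code is 0, so a short comment that no EOK short-circuit may jump to this label would prevent a later change from creating a request that never completes.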
diff --git a/SOURCES/0040-BE-IPA-AD-LDAP-Add-inigroups-refresh-support.patch b/SOURCES/0040-BE-IPA-AD-LDAP-Add-inigroups-refresh-support.patch deleted file mode 100644 index 7001f09..0000000 --- a/SOURCES/0040-BE-IPA-AD-LDAP-Add-inigroups-refresh-support.patch +++ /dev/null 
@@ -1,291 +0,0 @@ -From 141738f80a615ed57c7b49dc619a899b617dd62a Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 25 Jun 2019 14:16:31 +0200 -Subject: [PATCH 40/48] BE/IPA/AD/LDAP: Add inigroups refresh support - -Related: https://pagure.io/SSSD/sssd/issue/4012 - -In addition to refreshing users, groups and netgroups, this patch adds -the ability to also refresh initgroups. The refresh is ran for any users -that have the initgrExpireTimestamp attribute close to expiration. - -This request is ran as the first one, because the initgroups operation -refreshes the user entry and can touch groups as well. - -Reviewed-by: Sumit Bose ---- - src/providers/ad/ad_refresh.c | 28 +++++++++++++++++++++++ - src/providers/be_refresh.c | 37 +++++++++++++++++++++++-------- - src/providers/be_refresh.h | 1 + - src/providers/ipa/ipa_refresh.c | 27 ++++++++++++++++++++++ - src/providers/ldap/sdap_refresh.c | 17 ++++++++++++++ - 5 files changed, 101 insertions(+), 9 deletions(-) - -diff --git a/src/providers/ad/ad_refresh.c b/src/providers/ad/ad_refresh.c -index ee541056f..f0130cbaf 100644 ---- a/src/providers/ad/ad_refresh.c -+++ b/src/providers/ad/ad_refresh.c -@@ -65,6 +65,7 @@ static struct tevent_req *ad_refresh_send(TALLOC_CTX *mem_ctx, - state->index = 0; - - switch (entry_type) { -+ case BE_REQ_INITGROUPS: - case BE_REQ_NETGROUP: - filter_type = BE_FILTER_NAME; - break; -@@ -187,6 +188,23 @@ static errno_t ad_refresh_recv(struct tevent_req *req) - return EOK; - } - -+static struct tevent_req * -+ad_refresh_initgroups_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ -+ return ad_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_INITGROUPS, names, pvt); -+} -+ -+static errno_t ad_refresh_initgroups_recv(struct tevent_req *req) -+{ -+ return ad_refresh_recv(req); -+} -+ - static struct tevent_req * - ad_refresh_users_send(TALLOC_CTX *mem_ctx, - struct tevent_context 
*ev, -@@ -249,6 +267,16 @@ errno_t ad_refresh_init(struct be_ctx *be_ctx, - return ret; - } - -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_INITGROUPS, -+ ad_refresh_initgroups_send, -+ ad_refresh_initgroups_recv, -+ id_ctx); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ - ret = be_refresh_add_cb(be_ctx->refresh_ctx, - BE_REFRESH_TYPE_USERS, - ad_refresh_users_send, -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index a9d4295ec..6945ca9e3 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -33,11 +33,12 @@ static errno_t be_refresh_get_values_ex(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - time_t period, - struct ldb_dn *base_dn, -- const char *attr, -+ const char *key_attr, -+ const char *value_attr, - char ***_values) - { - TALLOC_CTX *tmp_ctx = NULL; -- const char *attrs[] = {attr, NULL}; -+ const char *attrs[] = {value_attr, NULL}; - const char *filter = NULL; - char **values = NULL; - struct sysdb_attrs **records = NULL; -@@ -45,13 +46,17 @@ static errno_t be_refresh_get_values_ex(TALLOC_CTX *mem_ctx, - time_t now = time(NULL); - errno_t ret; - -+ if (key_attr == NULL || domain == NULL || base_dn == NULL) { -+ return EINVAL; -+ } -+ - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - filter = talloc_asprintf(tmp_ctx, "(&(%s<=%lld))", -- SYSDB_CACHE_EXPIRE, (long long) now + period); -+ key_attr, (long long) now + period); - if (filter == NULL) { - ret = ENOMEM; - goto done; -@@ -73,7 +78,7 @@ static errno_t be_refresh_get_values_ex(TALLOC_CTX *mem_ctx, - goto done; - } - -- ret = sysdb_attrs_to_list(tmp_ctx, records, res->count, attr, &values); -+ ret = sysdb_attrs_to_list(tmp_ctx, records, res->count, value_attr, &values); - if (ret != EOK) { - goto done; - } -@@ -96,18 +101,27 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, 
- { - struct ldb_dn *base_dn = NULL; - errno_t ret; -+ const char *key_attr; - - switch (type) { -+ case BE_REFRESH_TYPE_INITGROUPS: -+ key_attr = SYSDB_INITGR_EXPIRE; -+ base_dn = sysdb_user_base_dn(mem_ctx, domain); -+ break; - case BE_REFRESH_TYPE_USERS: -+ key_attr = SYSDB_CACHE_EXPIRE; - base_dn = sysdb_user_base_dn(mem_ctx, domain); - break; - case BE_REFRESH_TYPE_GROUPS: -+ key_attr = SYSDB_CACHE_EXPIRE; - base_dn = sysdb_group_base_dn(mem_ctx, domain); - break; - case BE_REFRESH_TYPE_NETGROUPS: -+ key_attr = SYSDB_CACHE_EXPIRE; - base_dn = sysdb_netgroup_base_dn(mem_ctx, domain); - break; -- case BE_REFRESH_TYPE_SENTINEL: -+ default: -+ DEBUG(SSSDBG_CRIT_FAILURE, "Uknown or unsupported refresh type\n"); - return ERR_INTERNAL; - break; - } -@@ -117,7 +131,8 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, - } - - ret = be_refresh_get_values_ex(mem_ctx, domain, period, -- base_dn, attr_name, _values); -+ base_dn, key_attr, -+ attr_name, _values); - - talloc_free(base_dn); - return ret; -@@ -125,6 +140,7 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, - - struct be_refresh_cb { - const char *name; -+ const char *attr_name; - bool enabled; - be_refresh_send_t send_fn; - be_refresh_recv_t recv_fn; -@@ -132,7 +148,6 @@ struct be_refresh_cb { - }; - - struct be_refresh_ctx { -- const char *attr_name; - struct be_refresh_cb callbacks[BE_REFRESH_TYPE_SENTINEL]; - }; - -@@ -148,10 +163,14 @@ errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, - return ENOMEM; - } - -- ctx->attr_name = attr_name; -+ ctx->callbacks[BE_REFRESH_TYPE_INITGROUPS].name = "initgroups"; -+ ctx->callbacks[BE_REFRESH_TYPE_INITGROUPS].attr_name = SYSDB_NAME; - ctx->callbacks[BE_REFRESH_TYPE_USERS].name = "users"; -+ ctx->callbacks[BE_REFRESH_TYPE_USERS].attr_name = attr_name; - ctx->callbacks[BE_REFRESH_TYPE_GROUPS].name = "groups"; -+ ctx->callbacks[BE_REFRESH_TYPE_GROUPS].attr_name = attr_name; - ctx->callbacks[BE_REFRESH_TYPE_NETGROUPS].name = "netgroups"; -+ 
ctx->callbacks[BE_REFRESH_TYPE_NETGROUPS].attr_name = SYSDB_NAME; - - refresh_interval = be_ctx->domain->refresh_expired_interval; - if (refresh_interval > 0) { -@@ -310,7 +329,7 @@ static errno_t be_refresh_step(struct tevent_req *req) - } - - talloc_zfree(state->refresh_values); -- ret = be_refresh_get_values(state, state->index, state->ctx->attr_name, -+ ret = be_refresh_get_values(state, state->index, state->cb->attr_name, - state->domain, state->period, - &state->refresh_values); - if (ret != EOK) { -diff --git a/src/providers/be_refresh.h b/src/providers/be_refresh.h -index c7b4872df..4ac5b70c2 100644 ---- a/src/providers/be_refresh.h -+++ b/src/providers/be_refresh.h -@@ -44,6 +44,7 @@ typedef errno_t - (*be_refresh_recv_t)(struct tevent_req *req); - - enum be_refresh_type { -+ BE_REFRESH_TYPE_INITGROUPS, - BE_REFRESH_TYPE_USERS, - BE_REFRESH_TYPE_GROUPS, - BE_REFRESH_TYPE_NETGROUPS, -diff --git a/src/providers/ipa/ipa_refresh.c b/src/providers/ipa/ipa_refresh.c -index 72051cfdd..bb47b0edf 100644 ---- a/src/providers/ipa/ipa_refresh.c -+++ b/src/providers/ipa/ipa_refresh.c -@@ -168,6 +168,23 @@ static errno_t ipa_refresh_recv(struct tevent_req *req) - return EOK; - } - -+static struct tevent_req * -+ipa_refresh_initgroups_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ -+ return ipa_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_INITGROUPS, names, pvt); -+} -+ -+static errno_t ipa_refresh_initgroups_recv(struct tevent_req *req) -+{ -+ return ipa_refresh_recv(req); -+} -+ - static struct tevent_req * - ipa_refresh_users_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -@@ -230,6 +247,16 @@ errno_t ipa_refresh_init(struct be_ctx *be_ctx, - return ENOMEM; - } - -+ ret = be_refresh_add_cb(be_ctx->refresh_ctx, -+ BE_REFRESH_TYPE_USERS, -+ ipa_refresh_initgroups_send, -+ ipa_refresh_initgroups_recv, -+ id_ctx); -+ if (ret != EOK && ret != EEXIST) { -+ 
DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of initgroups " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ - ret = be_refresh_add_cb(be_ctx->refresh_ctx, - BE_REFRESH_TYPE_USERS, - ipa_refresh_users_send, -diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index 2206d6670..3ceddb61e 100644 ---- a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -186,6 +186,23 @@ static errno_t sdap_refresh_recv(struct tevent_req *req) - return EOK; - } - -+static struct tevent_req * -+sdap_refresh_initgroups_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct be_ctx *be_ctx, -+ struct sss_domain_info *domain, -+ char **names, -+ void *pvt) -+{ -+ return sdap_refresh_send(mem_ctx, ev, be_ctx, domain, -+ BE_REQ_INITGROUPS, names, pvt); -+} -+ -+static errno_t sdap_refresh_initgroups_recv(struct tevent_req *req) -+{ -+ return sdap_refresh_recv(req); -+} -+ - static struct tevent_req * - sdap_refresh_users_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, --- -2.20.1 - diff --git a/SOURCES/0041-BE-IPA-AD-LDAP-Initialize-the-refresh-callback-from-.patch b/SOURCES/0041-BE-IPA-AD-LDAP-Initialize-the-refresh-callback-from-.patch deleted file mode 100644 index 7bb9535..0000000 --- a/SOURCES/0041-BE-IPA-AD-LDAP-Initialize-the-refresh-callback-from-.patch +++ /dev/null 
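Review bot: The ipa_refresh.c hunk registers ipa_refresh_initgroups_send/ipa_refresh_initgroups_recv under BE_REFRESH_TYPE_USERS, not BE_REFRESH_TYPE_INITGROUPS as the ad_refresh.c hunk does. The BE_REFRESH_TYPE_INITGROUPS slot therefore never gets a callback, and the initgroups pair is registered with the same type as the unchanged users registration that follows it. Both calls treat EEXIST as non-fatal (`ret != EOK && ret != EEXIST`), so nothing reports the collision. Change the type argument of the added call to BE_REFRESH_TYPE_INITGROUPS.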
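Review bot: In the ad_refresh_init() hunk the failure message for the BE_REFRESH_TYPE_INITGROUPS registration still reads "Periodical refresh of users will not work", copied from the block below it. It should say initgroups, as the message in the ipa_refresh.c hunk does, otherwise someone reading the log cannot tell which refresh type was disabled.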
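Review bot: The sdap_refresh.c hunk adds sdap_refresh_initgroups_send() and sdap_refresh_initgroups_recv() but, unlike the AD and IPA hunks, adds no be_refresh_add_cb() call for them; the 17 lines the diffstat lists for this file are all in this one hunk. As posted, the LDAP provider gets two unused static functions and no initgroups refresh, although the subject line lists LDAP. Either register them in sdap_refresh_init() with BE_REFRESH_TYPE_INITGROUPS or say in the commit message that the wiring comes in a later patch.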
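Review bot: be_refresh_get_values_ex() in src/providers/be_refresh.c now rejects a NULL key_attr, domain or base_dn with EINVAL but does not check value_attr, which is placed in attrs[] and later passed to sysdb_attrs_to_list(); add it to the same condition. The debug message added in the new `default:` branch of be_refresh_get_values() also misspells "Unknown" as "Uknown".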
@@ -1,495 +0,0 @@ -From 330507ab3146e877391ff85d4bf6be9ce069e2bd Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 25 Jun 2019 15:05:59 +0200 -Subject: [PATCH 41/48] BE/IPA/AD/LDAP: Initialize the refresh callback from a - list to reduce logic duplication - -Related: https://pagure.io/SSSD/sssd/issue/4012 - -This patch slightly increases the line count, but on the other hand the -code is now more declarative and contains less logic, which should -hopefully decrease the maintenance cost in the future. - -Reviewed-by: Sumit Bose ---- - src/providers/ad/ad_refresh.c | 66 ++++++---------- - src/providers/be_refresh.c | 126 +++++++++++++++++++++++------- - src/providers/be_refresh.h | 17 ++-- - src/providers/ipa/ipa_refresh.c | 70 ++++++----------- - src/providers/ldap/sdap_refresh.c | 58 ++++++-------- - 5 files changed, 179 insertions(+), 158 deletions(-) - -diff --git a/src/providers/ad/ad_refresh.c b/src/providers/ad/ad_refresh.c -index f0130cbaf..ed51b305a 100644 ---- a/src/providers/ad/ad_refresh.c -+++ b/src/providers/ad/ad_refresh.c -@@ -260,52 +260,32 @@ errno_t ad_refresh_init(struct be_ctx *be_ctx, - struct ad_id_ctx *id_ctx) - { - errno_t ret; -- -- ret = be_refresh_ctx_init(be_ctx, SYSDB_SID_STR); -+ struct be_refresh_cb ad_refresh_callbacks[] = { -+ { .send_fn = ad_refresh_initgroups_send, -+ .recv_fn = ad_refresh_initgroups_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = ad_refresh_users_send, -+ .recv_fn = ad_refresh_users_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = ad_refresh_groups_send, -+ .recv_fn = ad_refresh_groups_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = ad_refresh_netgroups_send, -+ .recv_fn = ad_refresh_netgroups_recv, -+ .pvt = id_ctx, -+ }, -+ }; -+ -+ ret = be_refresh_ctx_init_with_callbacks(be_ctx, -+ SYSDB_SID_STR, -+ ad_refresh_callbacks); - if (ret != EOK) { -- DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); -+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize background refresh\n"); - return ret; - } - -- 
ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_INITGROUPS, -- ad_refresh_initgroups_send, -- ad_refresh_initgroups_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_USERS, -- ad_refresh_users_send, -- ad_refresh_users_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_GROUPS, -- ad_refresh_groups_send, -- ad_refresh_groups_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of groups " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_NETGROUPS, -- ad_refresh_netgroups_send, -- ad_refresh_netgroups_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of netgroups " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- - return ret; - } -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index 6945ca9e3..8f50e231d 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -138,21 +138,19 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, - return ret; - } - --struct be_refresh_cb { -+struct be_refresh_cb_ctx { - const char *name; - const char *attr_name; - bool enabled; -- be_refresh_send_t send_fn; -- be_refresh_recv_t recv_fn; -- void *pvt; -+ struct be_refresh_cb cb; - }; - - struct be_refresh_ctx { -- struct be_refresh_cb callbacks[BE_REFRESH_TYPE_SENTINEL]; -+ struct be_refresh_cb_ctx callbacks[BE_REFRESH_TYPE_SENTINEL]; - }; - --errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, -- const char *attr_name) -+static errno_t 
be_refresh_ctx_init(struct be_ctx *be_ctx, -+ const char *attr_name) - { - struct be_refresh_ctx *ctx = NULL; - uint32_t refresh_interval; -@@ -193,13 +191,11 @@ errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, - return EOK; - } - --errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, -- enum be_refresh_type type, -- be_refresh_send_t send_fn, -- be_refresh_recv_t recv_fn, -- void *pvt) -+static errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, -+ enum be_refresh_type type, -+ struct be_refresh_cb *cb) - { -- if (ctx == NULL || send_fn == NULL || recv_fn == NULL -+ if (ctx == NULL || cb->send_fn == NULL || cb->recv_fn == NULL - || type >= BE_REFRESH_TYPE_SENTINEL) { - return EINVAL; - } -@@ -209,9 +205,78 @@ errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, - } - - ctx->callbacks[type].enabled = true; -- ctx->callbacks[type].send_fn = send_fn; -- ctx->callbacks[type].recv_fn = recv_fn; -- ctx->callbacks[type].pvt = pvt; -+ ctx->callbacks[type].cb.send_fn = cb->send_fn; -+ ctx->callbacks[type].cb.recv_fn = cb->recv_fn; -+ ctx->callbacks[type].cb.pvt = cb->pvt; -+ -+ return EOK; -+} -+ -+static errno_t be_refresh_set_callbacks(struct be_refresh_ctx *refresh_ctx, -+ struct be_refresh_cb *callbacks) -+{ -+ errno_t ret; -+ -+ if (callbacks == NULL || refresh_ctx == NULL) { -+ return EINVAL; -+ } -+ -+ ret = be_refresh_add_cb(refresh_ctx, -+ BE_REFRESH_TYPE_INITGROUPS, -+ &callbacks[BE_REFRESH_TYPE_INITGROUPS]); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of initgroups " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ ret = be_refresh_add_cb(refresh_ctx, -+ BE_REFRESH_TYPE_USERS, -+ &callbacks[BE_REFRESH_TYPE_USERS]); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ ret = be_refresh_add_cb(refresh_ctx, -+ BE_REFRESH_TYPE_GROUPS, -+ &callbacks[BE_REFRESH_TYPE_GROUPS]); -+ if (ret != EOK && 
ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of groups " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ ret = be_refresh_add_cb(refresh_ctx, -+ BE_REFRESH_TYPE_NETGROUPS, -+ &callbacks[BE_REFRESH_TYPE_NETGROUPS]); -+ if (ret != EOK && ret != EEXIST) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of netgroups " -+ "will not work [%d]: %s\n", ret, strerror(ret)); -+ } -+ -+ return EOK; -+} -+ -+errno_t be_refresh_ctx_init_with_callbacks(struct be_ctx *be_ctx, -+ const char *attr_name, -+ struct be_refresh_cb *callbacks) -+{ -+ errno_t ret; -+ -+ if (be_ctx == NULL || attr_name == NULL || callbacks == NULL) { -+ return EINVAL; -+ } -+ -+ ret = be_refresh_ctx_init(be_ctx, attr_name); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); -+ return ret; -+ } -+ -+ ret = be_refresh_set_callbacks(be_ctx->refresh_ctx, callbacks); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh callbacks\n"); -+ return ENOMEM; -+ } - - return EOK; - } -@@ -220,7 +285,7 @@ struct be_refresh_state { - struct tevent_context *ev; - struct be_ctx *be_ctx; - struct be_refresh_ctx *ctx; -- struct be_refresh_cb *cb; -+ struct be_refresh_cb_ctx *cb_ctx; - - struct sss_domain_info *domain; - enum be_refresh_type index; -@@ -308,10 +373,11 @@ static errno_t be_refresh_step(struct tevent_req *req) - - while (state->domain != NULL) { - /* find first enabled callback */ -- state->cb = &state->ctx->callbacks[state->index]; -- while (state->index != BE_REFRESH_TYPE_SENTINEL && !state->cb->enabled) { -+ state->cb_ctx = &state->ctx->callbacks[state->index]; -+ while (state->index != BE_REFRESH_TYPE_SENTINEL -+ && !state->cb_ctx->enabled) { - state->index++; -- state->cb = &state->ctx->callbacks[state->index]; -+ state->cb_ctx = &state->ctx->callbacks[state->index]; - } - - /* if not found than continue with next domain */ -@@ -322,14 +388,16 @@ static errno_t be_refresh_step(struct tevent_req 
*req) - continue; - } - -- if (state->cb->send_fn == NULL || state->cb->recv_fn == NULL) { -+ if (state->cb_ctx->cb.send_fn == NULL -+ || state->cb_ctx->cb.recv_fn == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Invalid parameters!\n"); - ret = ERR_INTERNAL; - goto done; - } - - talloc_zfree(state->refresh_values); -- ret = be_refresh_get_values(state, state->index, state->cb->attr_name, -+ ret = be_refresh_get_values(state, state->index, -+ state->cb_ctx->attr_name, - state->domain, state->period, - &state->refresh_values); - if (ret != EOK) { -@@ -343,7 +411,9 @@ static errno_t be_refresh_step(struct tevent_req *req) - state->refresh_val_size++); - - DEBUG(SSSDBG_TRACE_FUNC, "Refreshing %zu %s in domain %s\n", -- state->refresh_val_size, state->cb->name, state->domain->name); -+ state->refresh_val_size, -+ state->cb_ctx->name, -+ state->domain->name); - - ret = be_refresh_batch_step(req, 0); - if (ret == EOK) { -@@ -416,10 +486,10 @@ static void be_refresh_batch_step_wakeup(struct tevent_context *ev, - state = tevent_req_data(req, struct be_refresh_state); - - DEBUG(SSSDBG_TRACE_INTERNAL, "Issuing refresh\n"); -- subreq = state->cb->send_fn(state, state->ev, state->be_ctx, -- state->domain, -- state->refresh_batch, -- state->cb->pvt); -+ subreq = state->cb_ctx->cb.send_fn(state, state->ev, state->be_ctx, -+ state->domain, -+ state->refresh_batch, -+ state->cb_ctx->cb.pvt); - if (subreq == NULL) { - tevent_req_error(req, ENOMEM); - return; -@@ -436,7 +506,7 @@ static void be_refresh_done(struct tevent_req *subreq) - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct be_refresh_state); - -- ret = state->cb->recv_fn(subreq); -+ ret = state->cb_ctx->cb.recv_fn(subreq); - talloc_zfree(subreq); - if (ret != EOK) { - goto done; -diff --git a/src/providers/be_refresh.h b/src/providers/be_refresh.h -index 4ac5b70c2..42d73d938 100644 ---- a/src/providers/be_refresh.h -+++ b/src/providers/be_refresh.h -@@ -51,16 +51,17 @@ enum 
be_refresh_type { - BE_REFRESH_TYPE_SENTINEL - }; - --struct be_refresh_ctx; -+struct be_refresh_cb { -+ be_refresh_send_t send_fn; -+ be_refresh_recv_t recv_fn; -+ void *pvt; -+}; - --errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, -- const char *attr_name); -+struct be_refresh_ctx; - --errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, -- enum be_refresh_type type, -- be_refresh_send_t send_fn, -- be_refresh_recv_t recv_fn, -- void *pvt); -+errno_t be_refresh_ctx_init_with_callbacks(struct be_ctx *be_ctx, -+ const char *attr_name, -+ struct be_refresh_cb *callbacks); - - struct tevent_req *be_refresh_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -diff --git a/src/providers/ipa/ipa_refresh.c b/src/providers/ipa/ipa_refresh.c -index bb47b0edf..7b05cf9e4 100644 ---- a/src/providers/ipa/ipa_refresh.c -+++ b/src/providers/ipa/ipa_refresh.c -@@ -240,52 +240,32 @@ errno_t ipa_refresh_init(struct be_ctx *be_ctx, - struct ipa_id_ctx *id_ctx) - { - errno_t ret; -- -- ret = be_refresh_ctx_init(be_ctx, SYSDB_NAME); -+ struct be_refresh_cb ipa_refresh_callbacks[] = { -+ { .send_fn = ipa_refresh_initgroups_send, -+ .recv_fn = ipa_refresh_initgroups_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = ipa_refresh_users_send, -+ .recv_fn = ipa_refresh_users_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = ipa_refresh_groups_send, -+ .recv_fn = ipa_refresh_groups_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = ipa_refresh_netgroups_send, -+ .recv_fn = ipa_refresh_netgroups_recv, -+ .pvt = id_ctx, -+ }, -+ }; -+ -+ ret = be_refresh_ctx_init_with_callbacks(be_ctx, -+ SYSDB_NAME, -+ ipa_refresh_callbacks); - if (ret != EOK) { -- DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); -- return ENOMEM; -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_USERS, -- ipa_refresh_initgroups_send, -- ipa_refresh_initgroups_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of initgroups " -- "will 
not work [%d]: %s\n", ret, strerror(ret)); -+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize background refresh\n"); -+ return ret; - } - -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_USERS, -- ipa_refresh_users_send, -- ipa_refresh_users_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_GROUPS, -- ipa_refresh_groups_send, -- ipa_refresh_groups_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of groups " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_NETGROUPS, -- ipa_refresh_netgroups_send, -- ipa_refresh_netgroups_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of netgroups " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- -- return ret; -+ return EOK; - } -diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index 3ceddb61e..ff4d2116d 100644 ---- a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -258,41 +258,31 @@ errno_t sdap_refresh_init(struct be_ctx *be_ctx, - struct sdap_id_ctx *id_ctx) - { - errno_t ret; -- -- ret = be_refresh_ctx_init(be_ctx, SYSDB_NAME); -+ struct be_refresh_cb sdap_refresh_callbacks[] = { -+ { .send_fn = sdap_refresh_initgroups_send, -+ .recv_fn = sdap_refresh_initgroups_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = sdap_refresh_users_send, -+ .recv_fn = sdap_refresh_users_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = sdap_refresh_groups_send, -+ .recv_fn = sdap_refresh_groups_recv, -+ .pvt = id_ctx, -+ }, -+ { .send_fn = sdap_refresh_netgroups_send, -+ .recv_fn = sdap_refresh_netgroups_recv, -+ .pvt = id_ctx, -+ }, -+ }; -+ -+ ret = 
be_refresh_ctx_init_with_callbacks(be_ctx, -+ SYSDB_NAME, -+ sdap_refresh_callbacks); - if (ret != EOK) { -- DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n"); -- return ENOMEM; -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_USERS, -- sdap_refresh_users_send, -- sdap_refresh_users_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_USERS, -- sdap_refresh_groups_send, -- sdap_refresh_groups_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of groups " -- "will not work [%d]: %s\n", ret, strerror(ret)); -- } -- -- ret = be_refresh_add_cb(be_ctx->refresh_ctx, -- BE_REFRESH_TYPE_USERS, -- sdap_refresh_netgroups_send, -- sdap_refresh_netgroups_recv, -- id_ctx); -- if (ret != EOK && ret != EEXIST) { -- DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of netgroups " -- "will not work [%d]: %s\n", ret, strerror(ret)); -+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize background refresh\n"); -+ return ret; - } - - return ret; --- -2.20.1 - diff --git a/SOURCES/0042-IPA-AD-SDAP-BE-Generate-refresh-callbacks-with-a-mac.patch b/SOURCES/0042-IPA-AD-SDAP-BE-Generate-refresh-callbacks-with-a-mac.patch deleted file mode 100644 index 4540691..0000000 --- a/SOURCES/0042-IPA-AD-SDAP-BE-Generate-refresh-callbacks-with-a-mac.patch +++ /dev/null 
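Review bot: in the be_refresh.h hunk of the patch that ends above (the one introducing be_refresh_ctx_init_with_callbacks), the new prototype takes `struct be_refresh_cb *callbacks` with no element count, and neither the struct nor the prototype carries a comment saying how many entries are expected or in what order. Both callers visible here pass a four-entry stack array, so the entry position is now the only thing tying a callback pair to a refresh type. Please document in the header that the array is indexed by enum be_refresh_type, or have the callers use designated array indices so a reordered or short array fails at compile time instead of at refresh time.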
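Review bot: at the tail of the sdap_refresh.c hunk of the same patch, sdap_refresh_init still falls through to `return ret;` after the `if (ret != EOK)` block, while the ipa_refresh.c hunk changes the equivalent line to `return EOK;`. Make the two consistent. The removed lines in this hunk also show the users, groups and netgroups callbacks all being registered under BE_REFRESH_TYPE_USERS and no initgroups callback at all, so the new table changes behaviour for the LDAP provider; a short comment above sdap_refresh_callbacks stating the expected order would make that intent explicit.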
@@ -1,300 +0,0 @@ -From 01572f3d8c18dcbd4836522ee5e24bd0739e0255 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 25 Jun 2019 15:01:15 +0200 -Subject: [PATCH 42/48] IPA/AD/SDAP/BE: Generate refresh callbacks with a macro - -Related: https://pagure.io/SSSD/sssd/issue/4012 - -The per-object type refresh functions are more or less boilerplate code. -Even though macro-generated code should be used very rarely, here the -generated code does not contain any logic at all so it makese sense to -generate it with macros. - -Reviewed-by: Sumit Bose ---- - src/providers/ad/ad_refresh.c | 71 ++----------------------------- - src/providers/be_refresh.h | 20 +++++++++ - src/providers/ipa/ipa_refresh.c | 71 ++----------------------------- - src/providers/ldap/sdap_refresh.c | 71 ++----------------------------- - 4 files changed, 32 insertions(+), 201 deletions(-) - -diff --git a/src/providers/ad/ad_refresh.c b/src/providers/ad/ad_refresh.c -index ed51b305a..0c2ebce5e 100644 ---- a/src/providers/ad/ad_refresh.c -+++ b/src/providers/ad/ad_refresh.c -@@ -188,73 +188,10 @@ static errno_t ad_refresh_recv(struct tevent_req *req) - return EOK; - } - --static struct tevent_req * --ad_refresh_initgroups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return ad_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_INITGROUPS, names, pvt); --} -- --static errno_t ad_refresh_initgroups_recv(struct tevent_req *req) --{ -- return ad_refresh_recv(req); --} -- --static struct tevent_req * --ad_refresh_users_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return ad_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_USER, names, pvt); --} -- --static errno_t ad_refresh_users_recv(struct tevent_req *req) --{ -- return ad_refresh_recv(req); --} -- --static struct tevent_req * 
--ad_refresh_groups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return ad_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_GROUP, names, pvt); --} -- --static errno_t ad_refresh_groups_recv(struct tevent_req *req) --{ -- return ad_refresh_recv(req); --} -- --static struct tevent_req * --ad_refresh_netgroups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return ad_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_NETGROUP, names, pvt); --} -- --static errno_t ad_refresh_netgroups_recv(struct tevent_req *req) --{ -- return ad_refresh_recv(req); --} -+REFRESH_SEND_RECV_FNS(ad_refresh_initgroups, ad_refresh, BE_REQ_INITGROUPS); -+REFRESH_SEND_RECV_FNS(ad_refresh_users, ad_refresh, BE_REQ_USER); -+REFRESH_SEND_RECV_FNS(ad_refresh_groups, ad_refresh, BE_REQ_GROUP); -+REFRESH_SEND_RECV_FNS(ad_refresh_netgroups, ad_refresh, BE_REQ_NETGROUP); - - errno_t ad_refresh_init(struct be_ctx *be_ctx, - struct ad_id_ctx *id_ctx) -diff --git a/src/providers/be_refresh.h b/src/providers/be_refresh.h -index 42d73d938..68be40118 100644 ---- a/src/providers/be_refresh.h -+++ b/src/providers/be_refresh.h -@@ -29,6 +29,26 @@ - /* solve circular dependency */ - struct be_ctx; - -+#define REFRESH_SEND_RECV_FNS(outer_base, inner_base, req_type) \ -+ \ -+static struct tevent_req * \ -+outer_base ##_send(TALLOC_CTX *mem_ctx, \ -+ struct tevent_context *ev, \ -+ struct be_ctx *be_ctx, \ -+ struct sss_domain_info *domain, \ -+ char **names, \ -+ void *pvt) \ -+{ \ -+ return inner_base ##_send(mem_ctx, ev, \ -+ be_ctx, domain, \ -+ req_type, names, pvt); \ -+} \ -+ \ -+static errno_t outer_base ##_recv(struct tevent_req *req) \ -+{ \ -+ return inner_base ##_recv(req); \ -+} \ -+ - /** - * name_list contains SYSDB_NAME of all expired records. 
- */ -diff --git a/src/providers/ipa/ipa_refresh.c b/src/providers/ipa/ipa_refresh.c -index 7b05cf9e4..13c38dff9 100644 ---- a/src/providers/ipa/ipa_refresh.c -+++ b/src/providers/ipa/ipa_refresh.c -@@ -168,73 +168,10 @@ static errno_t ipa_refresh_recv(struct tevent_req *req) - return EOK; - } - --static struct tevent_req * --ipa_refresh_initgroups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return ipa_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_INITGROUPS, names, pvt); --} -- --static errno_t ipa_refresh_initgroups_recv(struct tevent_req *req) --{ -- return ipa_refresh_recv(req); --} -- --static struct tevent_req * --ipa_refresh_users_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return ipa_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_USER, names, pvt); --} -- --static errno_t ipa_refresh_users_recv(struct tevent_req *req) --{ -- return ipa_refresh_recv(req); --} -- --static struct tevent_req * --ipa_refresh_groups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return ipa_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_GROUP, names, pvt); --} -- --static errno_t ipa_refresh_groups_recv(struct tevent_req *req) --{ -- return ipa_refresh_recv(req); --} -- --static struct tevent_req * --ipa_refresh_netgroups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return ipa_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_NETGROUP, names, pvt); --} -- --static errno_t ipa_refresh_netgroups_recv(struct tevent_req *req) --{ -- return ipa_refresh_recv(req); --} -+REFRESH_SEND_RECV_FNS(ipa_refresh_initgroups, ipa_refresh, 
BE_REQ_INITGROUPS); -+REFRESH_SEND_RECV_FNS(ipa_refresh_users, ipa_refresh, BE_REQ_USER); -+REFRESH_SEND_RECV_FNS(ipa_refresh_groups, ipa_refresh, BE_REQ_GROUP); -+REFRESH_SEND_RECV_FNS(ipa_refresh_netgroups, ipa_refresh, BE_REQ_NETGROUP); - - errno_t ipa_refresh_init(struct be_ctx *be_ctx, - struct ipa_id_ctx *id_ctx) -diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index ff4d2116d..4e464b2f6 100644 ---- a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -186,73 +186,10 @@ static errno_t sdap_refresh_recv(struct tevent_req *req) - return EOK; - } - --static struct tevent_req * --sdap_refresh_initgroups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return sdap_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_INITGROUPS, names, pvt); --} -- --static errno_t sdap_refresh_initgroups_recv(struct tevent_req *req) --{ -- return sdap_refresh_recv(req); --} -- --static struct tevent_req * --sdap_refresh_users_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return sdap_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_USER, names, pvt); --} -- --static errno_t sdap_refresh_users_recv(struct tevent_req *req) --{ -- return sdap_refresh_recv(req); --} -- --static struct tevent_req * --sdap_refresh_groups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return sdap_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_GROUP, names, pvt); --} -- --static errno_t sdap_refresh_groups_recv(struct tevent_req *req) --{ -- return sdap_refresh_recv(req); --} -- --static struct tevent_req * --sdap_refresh_netgroups_send(TALLOC_CTX *mem_ctx, -- struct tevent_context *ev, -- struct be_ctx *be_ctx, -- 
struct sss_domain_info *domain, -- char **names, -- void *pvt) --{ -- return sdap_refresh_send(mem_ctx, ev, be_ctx, domain, -- BE_REQ_NETGROUP, names, pvt); --} -- --static errno_t sdap_refresh_netgroups_recv(struct tevent_req *req) --{ -- return sdap_refresh_recv(req); --} -+REFRESH_SEND_RECV_FNS(sdap_refresh_initgroups, sdap_refresh, BE_REQ_INITGROUPS); -+REFRESH_SEND_RECV_FNS(sdap_refresh_users, sdap_refresh, BE_REQ_USER); -+REFRESH_SEND_RECV_FNS(sdap_refresh_groups, sdap_refresh, BE_REQ_GROUP); -+REFRESH_SEND_RECV_FNS(sdap_refresh_netgroups, sdap_refresh, BE_REQ_NETGROUP); - - errno_t sdap_refresh_init(struct be_ctx *be_ctx, - struct sdap_id_ctx *id_ctx) --- -2.20.1 - diff --git a/SOURCES/0043-MAN-Amend-the-documentation-for-the-background-refre.patch b/SOURCES/0043-MAN-Amend-the-documentation-for-the-background-refre.patch deleted file mode 100644 index 27c03ac..0000000 --- a/SOURCES/0043-MAN-Amend-the-documentation-for-the-background-refre.patch +++ /dev/null 
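Review bot: in patch 0042 (Generate refresh callbacks with a macro), which ends above, every use of REFRESH_SEND_RECV_FNS in ad_refresh.c, ipa_refresh.c and sdap_refresh.c is written with a trailing `;`, but the macro in be_refresh.h expands to two complete function definitions, so each use leaves an empty declaration at file scope that pedantic builds warn about. Either drop the semicolons at the call sites or end the macro with something that consumes one. The macro body also ends with a line continuation after the closing brace of the `_recv` function and relies on the following blank line; removing that last backslash avoids swallowing whatever is later placed directly under the macro.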
@@ -1,36 +0,0 @@ -From 67ede7a6e6199f39f8c62e3ad56c1702fc0b4298 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 26 Jun 2019 12:43:45 +0200 -Subject: [PATCH 43/48] MAN: Amend the documentation for the background refresh - -Related: https://pagure.io/SSSD/sssd/issue/4012 - -Reviewed-by: Sumit Bose ---- - src/man/sssd.conf.5.xml | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml -index 337543e56..3b4840793 100644 ---- a/src/man/sssd.conf.5.xml -+++ b/src/man/sssd.conf.5.xml -@@ -2170,7 +2170,15 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2 - - - The background refresh will process users, -- groups and netgroups in the cache. -+ groups and netgroups in the cache. For users -+ who have performed the initgroups (get group -+ membership for user, typically ran at login) -+ operation in the past, both the user entry -+ and the group membership are updated. -+ -+ -+ This option is automatically inherited for all -+ trusted domains. - - - You can consider setting this value to --- -2.20.1 - diff --git a/SOURCES/0044-DP-SYSDB-Move-the-code-to-set-initgrExpireTimestamp-.patch b/SOURCES/0044-DP-SYSDB-Move-the-code-to-set-initgrExpireTimestamp-.patch deleted file mode 100644 index 8a169cd..0000000 --- a/SOURCES/0044-DP-SYSDB-Move-the-code-to-set-initgrExpireTimestamp-.patch +++ /dev/null 
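Review bot: in patch 0043 (MAN: Amend the documentation for the background refresh), which ends above, the added sssd.conf.5.xml text reads "typically ran at login"; that should be "typically run at login". The new sentence about trusted domains says the option is "automatically inherited" without saying whether it can be overridden per subdomain, which is the first thing an administrator will ask when reading it.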
@@ -1,216 +0,0 @@ -From 4ba4b2d96b59386f3fd4d8bb0c4ada4798db48b0 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Mon, 1 Jul 2019 14:15:29 +0200 -Subject: [PATCH 44/48] DP/SYSDB: Move the code to set initgrExpireTimestamp to - a reusable function - -Related: https://pagure.io/SSSD/sssd/issue/4012 - -Because the initgroups request can, especially in the case of IPA provider -with trusts, contain several sub-requests that run some provider-specific -initgroups internally and then run post-processing AND because at the same -time concurrent requests in the responder need to be sure that the -initgrExpireTimestamp is only increased when the initgroups request is -really done, we only set the initgrExpireTimestamp in the DP when the -request finishes. - -This means, the background refresh task needs to also set the -initgrExpireTimestamp attribute on its own as well. This patch so far -splits the helper function into a reusable one so it can later be used -by the background refresh. - -For examples of the bugs caused by the initgrTimestamp being set before -the whole multi-step operation finishes, please see tickets #3744 -or #2634. - -Reviewed-by: Sumit Bose ---- - src/db/sysdb.h | 11 ++++ - src/db/sysdb_ops.c | 70 ++++++++++++++++++++++ - src/providers/data_provider/dp_target_id.c | 55 ++--------------- - 3 files changed, 85 insertions(+), 51 deletions(-) - -diff --git a/src/db/sysdb.h b/src/db/sysdb.h -index 28801e030..56fd770e4 100644 ---- a/src/db/sysdb.h -+++ b/src/db/sysdb.h -@@ -1113,6 +1113,17 @@ errno_t sysdb_store_override(struct sss_domain_info *domain, - enum sysdb_member_type type, - struct sysdb_attrs *attrs, struct ldb_dn *obj_dn); - -+/* -+ * Cache the time of last initgroups invocation. Typically this is not done when -+ * the provider-specific request itself finishes, because currently the request -+ * might hand over to other requests from a different provider (e.g. 
an AD user -+ * from a trusted domain might need to also call an IPA request to fetch the -+ * external groups). Instead, the caller of the initgroups request, typically -+ * the DP or the periodical refresh task sets the timestamp. -+ */ -+errno_t sysdb_set_initgr_expire_timestamp(struct sss_domain_info *domain, -+ const char *name_or_upn_or_sid); -+ - /* Password caching function. - * If you are in a transaction ignore sysdb and pass in the handle. - * If you are not in a transaction pass NULL in handle and provide sysdb, -diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c -index 55ba62140..c57a13be1 100644 ---- a/src/db/sysdb_ops.c -+++ b/src/db/sysdb_ops.c -@@ -3277,6 +3277,76 @@ int sysdb_cache_password(struct sss_domain_info *domain, - SSS_AUTHTOK_TYPE_PASSWORD, 0); - } - -+static errno_t set_initgroups_expire_attribute(struct sss_domain_info *domain, -+ const char *name) -+{ -+ errno_t ret; -+ time_t cache_timeout; -+ struct sysdb_attrs *attrs; -+ -+ attrs = sysdb_new_attrs(NULL); -+ if (attrs == NULL) { -+ return ENOMEM; -+ } -+ -+ cache_timeout = domain->user_timeout -+ ? 
time(NULL) + domain->user_timeout -+ : 0; -+ -+ ret = sysdb_attrs_add_time_t(attrs, SYSDB_INITGR_EXPIRE, cache_timeout); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); -+ goto done; -+ } -+ -+ ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ "Failed to set initgroups expire attribute\n"); -+ goto done; -+ } -+ -+done: -+ talloc_zfree(attrs); -+ return ret; -+} -+ -+errno_t sysdb_set_initgr_expire_timestamp(struct sss_domain_info *domain, -+ const char *name_or_upn_or_sid) -+{ -+ const char *cname; -+ errno_t ret; -+ TALLOC_CTX *tmp_ctx; -+ -+ tmp_ctx = talloc_new(NULL); -+ if (!tmp_ctx) { -+ return ENOMEM; -+ } -+ -+ ret = sysdb_get_real_name(tmp_ctx, domain, name_or_upn_or_sid, &cname); -+ if (ret == ENOENT) { -+ /* No point trying to bump timestamp of an entry that does not exist..*/ -+ ret = EOK; -+ goto done; -+ } else if (ret != EOK) { -+ cname = name_or_upn_or_sid; -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Failed to canonicalize name, using [%s]\n", name_or_upn_or_sid); -+ } -+ -+ ret = set_initgroups_expire_attribute(domain, cname); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Cannot set the initgroups expire attribute [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ } -+ -+ ret = EOK; -+done: -+ talloc_free(tmp_ctx); -+ return ret; -+} -+ - /* =Custom Search================== */ - - int sysdb_search_custom(TALLOC_CTX *mem_ctx, -diff --git a/src/providers/data_provider/dp_target_id.c b/src/providers/data_provider/dp_target_id.c -index 748d88674..d5b3823ac 100644 ---- a/src/providers/data_provider/dp_target_id.c -+++ b/src/providers/data_provider/dp_target_id.c -@@ -390,69 +390,22 @@ done: - return ret; - } - --static errno_t set_initgroups_expire_attribute(struct sss_domain_info *domain, -- const char *name) --{ -- errno_t ret; -- time_t cache_timeout; -- struct sysdb_attrs *attrs; -- -- attrs = sysdb_new_attrs(NULL); -- if (attrs == NULL) { -- return ENOMEM; 
-- } -- -- cache_timeout = domain->user_timeout -- ? time(NULL) + domain->user_timeout -- : 0; -- -- ret = sysdb_attrs_add_time_t(attrs, SYSDB_INITGR_EXPIRE, cache_timeout); -- if (ret != EOK) { -- DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); -- goto done; -- } -- -- ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP); -- if (ret != EOK) { -- DEBUG(SSSDBG_CRIT_FAILURE, -- "Failed to set initgroups expire attribute\n"); -- goto done; -- } -- --done: -- talloc_zfree(attrs); -- return ret; --} -- - static void dp_req_initgr_pp_set_initgr_timestamp(struct dp_initgr_ctx *ctx, - struct dp_reply_std *reply) - { - errno_t ret; -- const char *cname; - - if (reply->dp_error != DP_ERR_OK || reply->error != EOK) { - /* Only bump the timestamp on successful lookups */ - return; - } - -- ret = sysdb_get_real_name(ctx, -- ctx->domain_info, -- ctx->filter_value, -- &cname); -- if (ret == ENOENT) { -- /* No point trying to bump timestamp of an entry that does not exist..*/ -- return; -- } else if (ret != EOK) { -- cname = ctx->filter_value; -- DEBUG(SSSDBG_MINOR_FAILURE, -- "Failed to canonicalize name, using [%s]\n", cname); -- } -- -- ret = set_initgroups_expire_attribute(ctx->domain_info, cname); -+ ret = sysdb_set_initgr_expire_timestamp(ctx->domain_info, -+ ctx->filter_value); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, -- "Cannot set the initgroups expire attribute [%d]: %s\n", -- ret, sss_strerror(ret)); -+ "Failed to set initgroups expiration for [%s]\n", -+ ctx->filter_value); - } - } - --- -2.20.1 - diff --git a/SOURCES/0045-IPA-AD-LDAP-Increase-the-initgrExpireTimestamp-after.patch b/SOURCES/0045-IPA-AD-LDAP-Increase-the-initgrExpireTimestamp-after.patch deleted file mode 100644 index 0f181c7..0000000 --- a/SOURCES/0045-IPA-AD-LDAP-Increase-the-initgrExpireTimestamp-after.patch +++ /dev/null 
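Review bot: in the sysdb_ops.c hunk of patch 0044, which ends above, sysdb_set_initgr_expire_timestamp() assigns `ret = EOK;` immediately after logging a failure from set_initgroups_expire_attribute(), so the only error it can return is ENOMEM from talloc_new(). The `if (ret != EOK)` branch added to dp_req_initgr_pp_set_initgr_timestamp() in the dp_target_id.c hunk is therefore unreachable for the case its message describes. Either propagate the error from the attribute write, or state in the sysdb.h comment that the function is best effort and reports only allocation failure. The helper also still allocates with `sysdb_new_attrs(NULL)`; now that it lives next to a function that owns a tmp_ctx, passing a talloc parent would keep the allocation scoped.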
@@ -1,137 +0,0 @@ -From 073f79ecb75ded427d93c5f8925076646b736b1c Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Mon, 1 Jul 2019 14:26:38 +0200 -Subject: [PATCH 45/48] IPA/AD/LDAP: Increase the initgrExpireTimestamp after - finishing refresh request - -Related: https://pagure.io/SSSD/sssd/issue/4012 - -Calls sysdb_set_initgr_expire_timestamp() after each successfull refresh -of initgroups data to make sure the initgrExpireTimestamp attribute is -increased. - -If you're wondering why the timestamp is not set by the initgroups operation -itself, see tickets #3744 or #2634 for examples of bugs caused by setting -the initgrExpireTimestamp too soon. - -Reviewed-by: Sumit Bose ---- - src/providers/ad/ad_refresh.c | 12 ++++++++++++ - src/providers/ipa/ipa_refresh.c | 12 ++++++++++++ - src/providers/ldap/sdap_refresh.c | 12 ++++++++++++ - 3 files changed, 36 insertions(+) - -diff --git a/src/providers/ad/ad_refresh.c b/src/providers/ad/ad_refresh.c -index 0c2ebce5e..7aa56f33e 100644 ---- a/src/providers/ad/ad_refresh.c -+++ b/src/providers/ad/ad_refresh.c -@@ -26,6 +26,7 @@ struct ad_refresh_state { - struct be_ctx *be_ctx; - struct dp_id_data *account_req; - struct ad_id_ctx *id_ctx; -+ struct sss_domain_info *domain; - char **names; - size_t index; - }; -@@ -60,6 +61,7 @@ static struct tevent_req *ad_refresh_send(TALLOC_CTX *mem_ctx, - - state->ev = ev; - state->be_ctx = be_ctx; -+ state->domain = domain; - state->id_ctx = talloc_get_type(pvt, struct ad_id_ctx); - state->names = names; - state->index = 0; -@@ -167,6 +169,16 @@ static void ad_refresh_done(struct tevent_req *subreq) - goto done; - } - -+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) { -+ ret = sysdb_set_initgr_expire_timestamp(state->domain, -+ state->account_req->filter_value); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Failed to set initgroups expiration for [%s]\n", -+ state->account_req->filter_value); -+ } -+ } -+ - ret = ad_refresh_step(req); - if (ret == EAGAIN) { - 
return; -diff --git a/src/providers/ipa/ipa_refresh.c b/src/providers/ipa/ipa_refresh.c -index 13c38dff9..64f8db812 100644 ---- a/src/providers/ipa/ipa_refresh.c -+++ b/src/providers/ipa/ipa_refresh.c -@@ -26,6 +26,7 @@ struct ipa_refresh_state { - struct be_ctx *be_ctx; - struct dp_id_data *account_req; - struct ipa_id_ctx *id_ctx; -+ struct sss_domain_info *domain; - char **names; - size_t index; - }; -@@ -59,6 +60,7 @@ static struct tevent_req *ipa_refresh_send(TALLOC_CTX *mem_ctx, - - state->ev = ev; - state->be_ctx = be_ctx; -+ state->domain = domain; - state->id_ctx = talloc_get_type(pvt, struct ipa_id_ctx); - state->names = names; - state->index = 0; -@@ -147,6 +149,16 @@ static void ipa_refresh_done(struct tevent_req *subreq) - goto done; - } - -+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) { -+ ret = sysdb_set_initgr_expire_timestamp(state->domain, -+ state->account_req->filter_value); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Failed to set initgroups expiration for [%s]\n", -+ state->account_req->filter_value); -+ } -+ } -+ - ret = ipa_refresh_step(req); - if (ret == EAGAIN) { - return; -diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c -index 4e464b2f6..402db53a9 100644 ---- a/src/providers/ldap/sdap_refresh.c -+++ b/src/providers/ldap/sdap_refresh.c -@@ -29,6 +29,7 @@ struct sdap_refresh_state { - struct be_ctx *be_ctx; - struct dp_id_data *account_req; - struct sdap_id_ctx *id_ctx; -+ struct sss_domain_info *domain; - struct sdap_domain *sdom; - char **names; - size_t index; -@@ -63,6 +64,7 @@ static struct tevent_req *sdap_refresh_send(TALLOC_CTX *mem_ctx, - - state->ev = ev; - state->be_ctx = be_ctx; -+ state->domain = domain; - state->id_ctx = talloc_get_type(pvt, struct sdap_id_ctx); - state->names = names; - state->index = 0; -@@ -165,6 +167,16 @@ static void sdap_refresh_done(struct tevent_req *subreq) - goto done; - } - -+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) { -+ 
ret = sysdb_set_initgr_expire_timestamp(state->domain, -+ state->account_req->filter_value); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Failed to set initgroups expiration for [%s]\n", -+ state->account_req->filter_value); -+ } -+ } -+ - ret = sdap_refresh_step(req); - if (ret == EAGAIN) { - return; --- -2.20.1 - diff --git a/SOURCES/0046-BE-Introduce-flag-for-be_ptask_create.patch b/SOURCES/0046-BE-Introduce-flag-for-be_ptask_create.patch deleted file mode 100644 index ae2b940..0000000 --- a/SOURCES/0046-BE-Introduce-flag-for-be_ptask_create.patch +++ /dev/null 
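Review bot: in patch 0045, which ends above, the same `if (state->account_req->entry_type == BE_REQ_INITGROUPS)` block is added verbatim to ad_refresh_done, ipa_refresh_done and sdap_refresh_done, and each state struct gains a `domain` member only to feed it. A single helper shared by the three providers would keep the copies from drifting. The DEBUG message in each copy also drops the error code; adding `[%d]: %s` with `ret` and `sss_strerror(ret)`, as the other messages in these files do, would make a failed timestamp update diagnosable from the logs.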
@@ -1,536 +0,0 @@ -From c5a0909216c406ce3e23d6f41146daf2bb303226 Mon Sep 17 00:00:00 2001 -From: Tomas Halman -Date: Fri, 19 Jul 2019 13:05:44 +0200 -Subject: [PATCH 46/48] BE: Introduce flag for be_ptask_create -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The be_ptask_create has already too many parameters. Lets have flags -parameter to avoid future extending. - -Reviewed-by: Pavel Březina ---- - src/providers/ad/ad_dyndns.c | 2 +- - src/providers/ad/ad_machine_pw_renewal.c | 2 +- - src/providers/ad/ad_subdomains.c | 2 +- - src/providers/be_ptask.c | 17 +++++- - src/providers/be_ptask.h | 10 ++++ - src/providers/be_ptask_private.h | 1 + - src/providers/be_refresh.c | 2 +- - src/providers/data_provider_be.c | 2 +- - src/providers/ipa/ipa_dyndns.c | 2 +- - src/providers/ipa/ipa_subdomains.c | 2 +- - src/providers/ldap/ldap_id_cleanup.c | 2 +- - src/providers/ldap/ldap_id_enum.c | 2 +- - src/providers/ldap/sdap_sudo_shared.c | 4 +- - src/tests/cmocka/test_be_ptask.c | 67 +++++++++++++++--------- - 14 files changed, 80 insertions(+), 37 deletions(-) - -diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c -index 02ea7f24b..af765b581 100644 ---- a/src/providers/ad/ad_dyndns.c -+++ b/src/providers/ad/ad_dyndns.c -@@ -101,7 +101,7 @@ errno_t ad_dyndns_init(struct be_ctx *be_ctx, - ret = be_ptask_create(ad_opts, be_ctx, period, ptask_first_delay, 0, 0, period, - BE_PTASK_OFFLINE_DISABLE, BE_PTASK_SCHEDULE_FROM_LAST, 0, - ad_dyndns_update_send, ad_dyndns_update_recv, ad_opts, -- "Dyndns update", NULL); -+ "Dyndns update", 0, NULL); - - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask " -diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c -index 47941dfbf..67802c04a 100644 ---- a/src/providers/ad/ad_machine_pw_renewal.c -+++ b/src/providers/ad/ad_machine_pw_renewal.c -@@ -388,7 +388,7 @@ errno_t 
ad_machine_account_password_renewal_init(struct be_ctx *be_ctx, - ad_machine_account_password_renewal_send, - ad_machine_account_password_renewal_recv, - renewal_data, -- "AD machine account password renewal", NULL); -+ "AD machine account password renewal", 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "be_ptask_create failed.\n"); - goto done; -diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c -index 2510498da..0f46b46ad 100644 ---- a/src/providers/ad/ad_subdomains.c -+++ b/src/providers/ad/ad_subdomains.c -@@ -2070,7 +2070,7 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx, - BE_PTASK_SCHEDULE_FROM_LAST, - 0, - ad_subdomains_ptask_send, ad_subdomains_ptask_recv, sd_ctx, -- "Subdomains Refresh", NULL); -+ "Subdomains Refresh", 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/be_ptask.c b/src/providers/be_ptask.c -index 32d9a03ce..56c9c82fe 100644 ---- a/src/providers/be_ptask.c -+++ b/src/providers/be_ptask.c -@@ -208,6 +208,12 @@ static void be_ptask_schedule(struct be_ptask *task, - delay = task->enabled_delay; - break; - case BE_PTASK_PERIOD: -+ if (task->flags & BE_PTASK_NO_PERIODIC) { -+ /* Periodic task is disabled, */ -+ /* only online/offline change can cause some activity. 
*/ -+ return; -+ } -+ - delay = task->period; - - if (backoff_allowed(task) && task->period * 2 <= task->max_backoff) { -@@ -269,16 +275,21 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - be_ptask_recv_t recv_fn, - void *pvt, - const char *name, -+ uint32_t flags, - struct be_ptask **_task) - { - struct be_ptask *task = NULL; - errno_t ret; - -- if (be_ctx == NULL || period == 0 || send_fn == NULL || recv_fn == NULL -+ if (be_ctx == NULL || send_fn == NULL || recv_fn == NULL - || name == NULL) { - return EINVAL; - } - -+ if (period == 0 && (flags & BE_PTASK_NO_PERIODIC) == 0) { -+ return EINVAL; -+ } -+ - task = talloc_zero(mem_ctx, struct be_ptask); - if (task == NULL) { - ret = ENOMEM; -@@ -306,6 +317,7 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - goto done; - } - -+ task->flags = flags; - task->enabled = true; - - talloc_set_destructor((TALLOC_CTX*)task, be_ptask_destructor); -@@ -451,6 +463,7 @@ errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, - be_ptask_sync_t fn, - void *pvt, - const char *name, -+ uint32_t flags, - struct be_ptask **_task) - { - errno_t ret; -@@ -469,7 +482,7 @@ errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, - enabled_delay, random_offset, timeout, offline, - BE_PTASK_SCHEDULE_FROM_LAST, - max_backoff, be_ptask_sync_send, be_ptask_sync_recv, -- ctx, name, _task); -+ ctx, name, flags, _task); - if (ret != EOK) { - goto done; - } -diff --git a/src/providers/be_ptask.h b/src/providers/be_ptask.h -index c23278e88..a33443965 100644 ---- a/src/providers/be_ptask.h -+++ b/src/providers/be_ptask.h -@@ -30,6 +30,14 @@ struct be_ctx; - - struct be_ptask; - -+/* be_ptask flags */ -+ -+/** -+ * Do not schedule periodic task. This flag is useful for tasks that -+ * should be performend only when there is offline/online change. -+ */ -+#define BE_PTASK_NO_PERIODIC 0x0001 -+ - /** - * Defines how should task behave when back end is offline. 
- */ -@@ -127,6 +135,7 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - be_ptask_recv_t recv_fn, - void *pvt, - const char *name, -+ uint32_t flags, - struct be_ptask **_task); - - errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, -@@ -141,6 +150,7 @@ errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, - be_ptask_sync_t fn, - void *pvt, - const char *name, -+ uint32_t flags, - struct be_ptask **_task); - - void be_ptask_enable(struct be_ptask *task); -diff --git a/src/providers/be_ptask_private.h b/src/providers/be_ptask_private.h -index e89105f95..496a2f9ae 100644 ---- a/src/providers/be_ptask_private.h -+++ b/src/providers/be_ptask_private.h -@@ -43,6 +43,7 @@ struct be_ptask { - time_t last_execution; /* last time when send was called */ - struct tevent_req *req; /* active tevent request */ - struct tevent_timer *timer; /* active tevent timer */ -+ uint32_t flags; - bool enabled; - }; - -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index 8f50e231d..687d3f022 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -177,7 +177,7 @@ static errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, - BE_PTASK_SCHEDULE_FROM_NOW, - 0, - be_refresh_send, be_refresh_recv, -- ctx, "Refresh Records", NULL); -+ ctx, "Refresh Records", 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to initialize refresh periodic task [%d]: %s\n", -diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c -index 877841055..f21669b8c 100644 ---- a/src/providers/data_provider_be.c -+++ b/src/providers/data_provider_be.c -@@ -133,7 +133,7 @@ void be_mark_offline(struct be_ctx *ctx) - BE_PTASK_OFFLINE_EXECUTE, - 3600 /* max_backoff */, - try_to_go_online, -- ctx, "Check if online (periodic)", -+ ctx, "Check if online (periodic)", 0, - &ctx->check_if_online_ptask); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, -diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c -index 
8e8ff5a4f..27852c2e2 100644 ---- a/src/providers/ipa/ipa_dyndns.c -+++ b/src/providers/ipa/ipa_dyndns.c -@@ -78,7 +78,7 @@ errno_t ipa_dyndns_init(struct be_ctx *be_ctx, - BE_PTASK_SCHEDULE_FROM_LAST, - 0, - ipa_dyndns_update_send, ipa_dyndns_update_recv, ctx, -- "Dyndns update", NULL); -+ "Dyndns update", 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c -index 3a17c851d..13e49c5c0 100644 ---- a/src/providers/ipa/ipa_subdomains.c -+++ b/src/providers/ipa/ipa_subdomains.c -@@ -3138,7 +3138,7 @@ errno_t ipa_subdomains_init(TALLOC_CTX *mem_ctx, - BE_PTASK_SCHEDULE_FROM_LAST, - 0, - ipa_subdomains_ptask_send, ipa_subdomains_ptask_recv, sd_ctx, -- "Subdomains Refresh", NULL); -+ "Subdomains Refresh", 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c -index e50fb0f22..df56f4da4 100644 ---- a/src/providers/ldap/ldap_id_cleanup.c -+++ b/src/providers/ldap/ldap_id_cleanup.c -@@ -88,7 +88,7 @@ errno_t ldap_setup_cleanup(struct sdap_id_ctx *id_ctx, - ret = be_ptask_create_sync(sdom, id_ctx->be, period, first_delay, - 5 /* enabled delay */, 0 /* random offset */, - period /* timeout */, BE_PTASK_OFFLINE_SKIP, 0, -- ldap_cleanup_task, cleanup_ctx, name, -+ ldap_cleanup_task, cleanup_ctx, name, 0, - &sdom->cleanup_task); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize cleanup periodic " -diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c -index 062185c55..2137f6821 100644 ---- a/src/providers/ldap/ldap_id_enum.c -+++ b/src/providers/ldap/ldap_id_enum.c -@@ -102,7 +102,7 @@ errno_t ldap_setup_enumeration(struct be_ctx *be_ctx, - BE_PTASK_SCHEDULE_FROM_LAST, - 0, /* max_backoff */ - send_fn, recv_fn, -- 
ectx, "enumeration", &sdom->enum_task); -+ ectx, "enumeration", 0, &sdom->enum_task); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to initialize enumeration periodic task\n"); -diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c -index a00d8e6a9..59356bd44 100644 ---- a/src/providers/ldap/sdap_sudo_shared.c -+++ b/src/providers/ldap/sdap_sudo_shared.c -@@ -94,7 +94,7 @@ sdap_sudo_ptask_setup_generic(struct be_ctx *be_ctx, - BE_PTASK_SCHEDULE_FROM_LAST, - 0, - full_send_fn, full_recv_fn, pvt, -- "SUDO Full Refresh", NULL); -+ "SUDO Full Refresh", 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup full refresh ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -@@ -113,7 +113,7 @@ sdap_sudo_ptask_setup_generic(struct be_ctx *be_ctx, - BE_PTASK_SCHEDULE_FROM_LAST, - 0, - smart_send_fn, smart_recv_fn, pvt, -- "SUDO Smart Refresh", NULL); -+ "SUDO Smart Refresh", 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup smart refresh ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/tests/cmocka/test_be_ptask.c b/src/tests/cmocka/test_be_ptask.c -index 03b1165bb..ac8c0767f 100644 ---- a/src/tests/cmocka/test_be_ptask.c -+++ b/src/tests/cmocka/test_be_ptask.c -@@ -306,7 +306,7 @@ void test_be_ptask_create_einval_be(void **state) - ret = be_ptask_create(test_ctx, NULL, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, NULL, "Test ptask", &ptask); -+ test_be_ptask_recv, NULL, "Test ptask", 0, &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -320,7 +320,7 @@ void test_be_ptask_create_einval_period(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, 0, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, NULL, "Test ptask", &ptask); -+ test_be_ptask_recv, NULL, "Test ptask", 0, &ptask); - 
assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -334,7 +334,7 @@ void test_be_ptask_create_einval_send(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, NULL, -- test_be_ptask_recv, NULL, "Test ptask", &ptask); -+ test_be_ptask_recv, NULL, "Test ptask", 0, &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -348,7 +348,7 @@ void test_be_ptask_create_einval_recv(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- NULL, NULL, "Test ptask", &ptask); -+ NULL, NULL, "Test ptask", 0, &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -362,7 +362,7 @@ void test_be_ptask_create_einval_name(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, NULL, NULL, &ptask); -+ test_be_ptask_recv, NULL, NULL, 0, &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -378,7 +378,7 @@ void test_be_ptask_create_no_delay(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -406,7 +406,7 @@ void test_be_ptask_create_first_delay(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, DELAY, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); 
- assert_non_null(ptask->timer); -@@ -432,7 +432,7 @@ void test_be_ptask_disable(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -457,7 +457,7 @@ void test_be_ptask_enable(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -490,7 +490,7 @@ void test_be_ptask_enable_delay(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, DELAY, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -530,7 +530,7 @@ void test_be_ptask_offline_skip(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -565,7 +565,7 @@ void test_be_ptask_offline_disable(void **state) - BE_PTASK_OFFLINE_DISABLE, - BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - 
assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -597,7 +597,7 @@ void test_be_ptask_offline_execute(void **state) - BE_PTASK_OFFLINE_EXECUTE, - BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -625,7 +625,7 @@ void test_be_ptask_reschedule_ok(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -657,7 +657,7 @@ void test_be_ptask_reschedule_null(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_null_send, -- test_be_ptask_recv, test_ctx, "Test ptask", -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, - &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -685,7 +685,7 @@ void test_be_ptask_reschedule_error(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_error_recv, test_ctx, "Test ptask", -+ test_be_ptask_error_recv, test_ctx, "Test ptask", 0, - &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -713,7 +713,7 @@ void test_be_ptask_reschedule_timeout(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 1, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_timeout_send, -- test_be_ptask_error_recv, test_ctx, "Test ptask", -+ test_be_ptask_error_recv, test_ctx, 
"Test ptask", 0, - &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -751,7 +751,7 @@ void test_be_ptask_reschedule_backoff(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - PERIOD*2, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -806,7 +806,7 @@ void test_be_ptask_get_period(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - -@@ -827,7 +827,7 @@ void test_be_ptask_get_timeout(void **state) - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, TIMEOUT, - BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - -@@ -838,6 +838,24 @@ void test_be_ptask_get_timeout(void **state) - assert_null(ptask); - } - -+void test_be_ptask_no_periodic(void **state) -+{ -+ struct test_ctx *test_ctx = (struct test_ctx *)(*state); -+ struct be_ptask *ptask = NULL; -+ errno_t ret; -+ -+ ret = be_ptask_create(test_ctx, test_ctx->be_ctx, 0, 0, DELAY, 0, 0, -+ BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, -+ 0, test_be_ptask_send, -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_NO_PERIODIC, &ptask); -+ assert_int_equal(ret, ERR_OK); -+ assert_non_null(ptask); -+ -+ be_ptask_destroy(&ptask); -+ assert_null(ptask); -+} -+ - void test_be_ptask_create_sync(void **state) - { - struct 
test_ctx *test_ctx = (struct test_ctx *)(*state); -@@ -848,7 +866,7 @@ void test_be_ptask_create_sync(void **state) - now = get_current_time(); - ret = be_ptask_create_sync(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_sync, -- test_ctx, "Test ptask", &ptask); -+ test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -876,7 +894,7 @@ void test_be_ptask_sync_reschedule_ok(void **state) - now = get_current_time(); - ret = be_ptask_create_sync(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_sync, -- test_ctx, "Test ptask", &ptask); -+ test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -908,7 +926,7 @@ void test_be_ptask_sync_reschedule_error(void **state) - ret = be_ptask_create_sync(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, 0, - test_be_ptask_sync_error, -- test_ctx, "Test ptask", &ptask); -+ test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -938,7 +956,7 @@ void test_be_ptask_sync_reschedule_backoff(void **state) - ret = be_ptask_create_sync(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, - BE_PTASK_OFFLINE_SKIP, PERIOD*2, - test_be_ptask_sync_error, -- test_ctx, "Test ptask", &ptask); -+ test_ctx, "Test ptask", 0, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -1014,6 +1032,7 @@ int main(int argc, const char *argv[]) - new_test(be_ptask_reschedule_backoff), - new_test(be_ptask_get_period), - new_test(be_ptask_get_timeout), -+ new_test(be_ptask_no_periodic), - new_test(be_ptask_create_sync), - new_test(be_ptask_sync_reschedule_ok), - new_test(be_ptask_sync_reschedule_error), --- -2.20.1 - 
diff --git a/SOURCES/0047-BE-Convert-be_ptask-params-to-flags.patch b/SOURCES/0047-BE-Convert-be_ptask-params-to-flags.patch deleted file mode 100644 index af30e21..0000000 --- a/SOURCES/0047-BE-Convert-be_ptask-params-to-flags.patch +++ /dev/null 
@@ -1,916 +0,0 @@ -From f5ef6aa9965fec34c8de9fe2635b0e5c5b8a0ab9 Mon Sep 17 00:00:00 2001 -From: Tomas Halman -Date: Fri, 19 Jul 2019 15:59:32 +0200 -Subject: [PATCH 47/48] BE: Convert be_ptask params to flags -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The be_ptask_create call has a lot of parameters. -Some of them can be converted to flags to simplify -the declaration. - -Reviewed-by: Pavel Březina ---- - src/providers/ad/ad_dyndns.c | 9 +- - src/providers/ad/ad_machine_pw_renewal.c | 10 +- - src/providers/ad/ad_subdomains.c | 11 +- - src/providers/be_ptask.c | 74 ++++++--- - src/providers/be_ptask.h | 39 ++--- - src/providers/be_ptask_private.h | 2 - - src/providers/be_refresh.c | 9 +- - src/providers/data_provider_be.c | 4 +- - src/providers/ipa/ipa_dyndns.c | 7 +- - src/providers/ipa/ipa_subdomains.c | 7 +- - src/providers/ldap/ldap_id_cleanup.c | 5 +- - src/providers/ldap/ldap_id_enum.c | 6 +- - src/providers/ldap/sdap_sudo_shared.c | 16 +- - src/tests/cmocka/test_be_ptask.c | 194 ++++++++++++++++------- - 14 files changed, 251 insertions(+), 142 deletions(-) - -diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c -index af765b581..c9763d449 100644 ---- a/src/providers/ad/ad_dyndns.c -+++ b/src/providers/ad/ad_dyndns.c -@@ -98,10 +98,13 @@ errno_t ad_dyndns_init(struct be_ctx *be_ctx, - return EINVAL; - } - -- ret = be_ptask_create(ad_opts, be_ctx, period, ptask_first_delay, 0, 0, period, -- BE_PTASK_OFFLINE_DISABLE, BE_PTASK_SCHEDULE_FROM_LAST, 0, -+ ret = be_ptask_create(ad_opts, be_ctx, period, ptask_first_delay, 0, 0, -+ period, 0, - ad_dyndns_update_send, ad_dyndns_update_recv, ad_opts, -- "Dyndns update", 0, NULL); -+ "Dyndns update", -+ BE_PTASK_OFFLINE_DISABLE | -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ NULL); - - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask " -diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c -index 
67802c04a..9dc36247a 100644 ---- a/src/providers/ad/ad_machine_pw_renewal.c -+++ b/src/providers/ad/ad_machine_pw_renewal.c -@@ -381,14 +381,14 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx, - goto done; - } - -- ret = be_ptask_create(be_ctx, be_ctx, period, initial_delay, 0, 0, 60, -- BE_PTASK_OFFLINE_DISABLE, -- BE_PTASK_SCHEDULE_FROM_LAST, -- 0, -+ ret = be_ptask_create(be_ctx, be_ctx, period, initial_delay, 0, 0, 60, 0, - ad_machine_account_password_renewal_send, - ad_machine_account_password_renewal_recv, - renewal_data, -- "AD machine account password renewal", 0, NULL); -+ "AD machine account password renewal", -+ BE_PTASK_OFFLINE_DISABLE | -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ NULL); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "be_ptask_create failed.\n"); - goto done; -diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c -index 0f46b46ad..d934e70d6 100644 ---- a/src/providers/ad/ad_subdomains.c -+++ b/src/providers/ad/ad_subdomains.c -@@ -2065,12 +2065,13 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx, - struct ad_subdomains_ctx, struct dp_subdomains_data, struct dp_reply_std); - - period = be_ctx->domain->subdomain_refresh_interval; -- ret = be_ptask_create(sd_ctx, be_ctx, period, 0, 0, 0, period, -- BE_PTASK_OFFLINE_DISABLE, -+ ret = be_ptask_create(sd_ctx, be_ctx, period, 0, 0, 0, period, 0, -+ ad_subdomains_ptask_send, ad_subdomains_ptask_recv, -+ sd_ctx, -+ "Subdomains Refresh", -+ BE_PTASK_OFFLINE_DISABLE | - BE_PTASK_SCHEDULE_FROM_LAST, -- 0, -- ad_subdomains_ptask_send, ad_subdomains_ptask_recv, sd_ctx, -- "Subdomains Refresh", 0, NULL); -+ NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/be_ptask.c b/src/providers/be_ptask.c -index 56c9c82fe..9a432c948 100644 ---- a/src/providers/be_ptask.c -+++ b/src/providers/be_ptask.c -@@ -38,7 +38,7 @@ enum be_ptask_delay { - - static void 
be_ptask_schedule(struct be_ptask *task, - enum be_ptask_delay delay_type, -- enum be_ptask_schedule from); -+ uint32_t from); - - static int be_ptask_destructor(void *pvt) - { -@@ -107,21 +107,20 @@ static void be_ptask_execute(struct tevent_context *ev, - - if (be_is_offline(task->be_ctx)) { - DEBUG(SSSDBG_TRACE_FUNC, "Back end is offline\n"); -- switch (task->offline) { -- case BE_PTASK_OFFLINE_SKIP: -+ if (task->flags & BE_PTASK_OFFLINE_SKIP) { - be_ptask_schedule(task, BE_PTASK_PERIOD, - BE_PTASK_SCHEDULE_FROM_NOW); - return; -- case BE_PTASK_OFFLINE_DISABLE: -+ } -+ else if(task->flags & BE_PTASK_OFFLINE_DISABLE) { - /* This case is normally handled by offline callback but we - * should handle it here as well since we can get here in some - * special cases for example unit tests or tevent events order. */ - be_ptask_disable(task); - return; -- case BE_PTASK_OFFLINE_EXECUTE: -- /* continue */ -- break; - } -+ /* BE_PTASK_OFFLINE_EXECUTE */ -+ /* continue */ - } - - DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: executing task, timeout %lu " -@@ -177,7 +176,7 @@ static void be_ptask_done(struct tevent_req *req) - DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: finished successfully\n", - task->name); - -- be_ptask_schedule(task, BE_PTASK_PERIOD, task->success_schedule_type); -+ be_ptask_schedule(task, BE_PTASK_PERIOD, task->flags); - break; - default: - DEBUG(SSSDBG_OP_FAILURE, "Task [%s]: failed with [%d]: %s\n", -@@ -190,7 +189,7 @@ static void be_ptask_done(struct tevent_req *req) - - static void be_ptask_schedule(struct be_ptask *task, - enum be_ptask_delay delay_type, -- enum be_ptask_schedule from) -+ uint32_t from) - { - struct timeval tv = { 0, }; - time_t delay = 0; -@@ -228,20 +227,18 @@ static void be_ptask_schedule(struct be_ptask *task, - delay = delay + (rand_r(&task->ro_seed) % task->random_offset); - } - -- switch (from) { -- case BE_PTASK_SCHEDULE_FROM_NOW: -+ if(from | BE_PTASK_SCHEDULE_FROM_NOW) { - tv = tevent_timeval_current_ofs(delay, 0); - - 
DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: scheduling task %lu seconds " - "from now [%lu]\n", task->name, delay, tv.tv_sec); -- break; -- case BE_PTASK_SCHEDULE_FROM_LAST: -+ } -+ else if (from | BE_PTASK_SCHEDULE_FROM_LAST) { - tv = tevent_timeval_set(task->last_execution + delay, 0); - - DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: scheduling task %lu seconds " - "from last execution time [%lu]\n", - task->name, delay, tv.tv_sec); -- break; - } - - if (task->timer != NULL) { -@@ -261,6 +258,36 @@ static void be_ptask_schedule(struct be_ptask *task, - task->next_execution = tv.tv_sec; - } - -+static unsigned int be_ptask_flag_bits(uint32_t flags) -+{ -+ unsigned int cnt = 0; -+ while (flags != 0) { -+ cnt += flags & 1; -+ flags >>= 1; -+ } -+ return cnt; -+} -+ -+static int be_ptask_flag_check(uint32_t flags) -+{ -+ uint32_t tmpflags; -+ -+ tmpflags = flags & (BE_PTASK_SCHEDULE_FROM_LAST | -+ BE_PTASK_SCHEDULE_FROM_NOW); -+ if (be_ptask_flag_bits(tmpflags) != 1) { -+ return EINVAL; -+ } -+ -+ tmpflags = flags & (BE_PTASK_OFFLINE_SKIP | -+ BE_PTASK_OFFLINE_DISABLE | -+ BE_PTASK_OFFLINE_EXECUTE); -+ if (be_ptask_flag_bits(tmpflags) != 1) { -+ return EINVAL; -+ } -+ -+ return EOK; -+} -+ - errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - struct be_ctx *be_ctx, - time_t period, -@@ -268,8 +295,6 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - time_t enabled_delay, - time_t random_offset, - time_t timeout, -- enum be_ptask_offline offline, -- enum be_ptask_schedule success_schedule_type, - time_t max_backoff, - be_ptask_send_t send_fn, - be_ptask_recv_t recv_fn, -@@ -290,6 +315,12 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - return EINVAL; - } - -+ /* check flags, some of them are exclusive, some must be present */ -+ ret = be_ptask_flag_check(flags); -+ if (ret != EOK) { -+ return ret; -+ } -+ - task = talloc_zero(mem_ctx, struct be_ptask); - if (task == NULL) { - ret = ENOMEM; -@@ -306,8 +337,6 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - task->ro_seed = time(NULL) * 
getpid(); - task->max_backoff = max_backoff; - task->timeout = timeout; -- task->offline = offline; -- task->success_schedule_type = success_schedule_type; - task->send_fn = send_fn; - task->recv_fn = recv_fn; - task->pvt = pvt; -@@ -322,7 +351,7 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - - talloc_set_destructor((TALLOC_CTX*)task, be_ptask_destructor); - -- if (offline == BE_PTASK_OFFLINE_DISABLE) { -+ if (flags & BE_PTASK_OFFLINE_DISABLE) { - /* install offline and online callbacks */ - ret = be_add_online_cb(task, be_ctx, be_ptask_online_cb, task, NULL); - if (ret != EOK) { -@@ -458,7 +487,6 @@ errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, - time_t enabled_delay, - time_t random_offset, - time_t timeout, -- enum be_ptask_offline offline, - time_t max_backoff, - be_ptask_sync_t fn, - void *pvt, -@@ -479,10 +507,10 @@ errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, - ctx->pvt = pvt; - - ret = be_ptask_create(mem_ctx, be_ctx, period, first_delay, -- enabled_delay, random_offset, timeout, offline, -- BE_PTASK_SCHEDULE_FROM_LAST, -+ enabled_delay, random_offset, timeout, - max_backoff, be_ptask_sync_send, be_ptask_sync_recv, -- ctx, name, flags, _task); -+ ctx, name, flags | BE_PTASK_SCHEDULE_FROM_LAST, -+ _task); - if (ret != EOK) { - goto done; - } -diff --git a/src/providers/be_ptask.h b/src/providers/be_ptask.h -index a33443965..640c8570a 100644 ---- a/src/providers/be_ptask.h -+++ b/src/providers/be_ptask.h -@@ -39,33 +39,23 @@ struct be_ptask; - #define BE_PTASK_NO_PERIODIC 0x0001 - - /** -- * Defines how should task behave when back end is offline. -+ * Flags defining the starting point for scheduling a task - */ --enum be_ptask_offline { -- /* current request will be skipped and rescheduled to 'now + period' */ -- BE_PTASK_OFFLINE_SKIP, -- -- /* An offline and online callback is registered. 
The task is disabled -- * immediately when back end goes offline and then enabled again -- * when back end goes back online */ -- BE_PTASK_OFFLINE_DISABLE, -- -- /* current request will be executed as planned */ -- BE_PTASK_OFFLINE_EXECUTE --}; -+/* Schedule starting from now, typically this is used when scheduling -+ * relative to the finish time */ -+#define BE_PTASK_SCHEDULE_FROM_NOW 0x0002 -+/* Schedule relative to the start time of the task */ -+#define BE_PTASK_SCHEDULE_FROM_LAST 0x0004 - - /** -- * Defines the starting point for scheduling a task -+ * Flags defining how should task behave when back end is offline. - */ --enum be_ptask_schedule { -- /* Schedule starting from now, typically this is used when scheduling -- * relative to the finish time -- */ -- BE_PTASK_SCHEDULE_FROM_NOW, -- /* Schedule relative to the start time of the task -- */ -- BE_PTASK_SCHEDULE_FROM_LAST --}; -+/* current request will be skipped and rescheduled to 'now + period' */ -+#define BE_PTASK_OFFLINE_SKIP 0x0008 -+/* An offline and online callback is registered. 
The task is disabled */ -+#define BE_PTASK_OFFLINE_DISABLE 0x0010 -+/* current request will be executed as planned */ -+#define BE_PTASK_OFFLINE_EXECUTE 0x0020 - - typedef struct tevent_req * - (*be_ptask_send_t)(TALLOC_CTX *mem_ctx, -@@ -128,8 +118,6 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - time_t enabled_delay, - time_t random_offset, - time_t timeout, -- enum be_ptask_offline offline, -- enum be_ptask_schedule success_schedule_type, - time_t max_backoff, - be_ptask_send_t send_fn, - be_ptask_recv_t recv_fn, -@@ -145,7 +133,6 @@ errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, - time_t enabled_delay, - time_t random_offset, - time_t timeout, -- enum be_ptask_offline offline, - time_t max_backoff, - be_ptask_sync_t fn, - void *pvt, -diff --git a/src/providers/be_ptask_private.h b/src/providers/be_ptask_private.h -index 496a2f9ae..f3e5beec7 100644 ---- a/src/providers/be_ptask_private.h -+++ b/src/providers/be_ptask_private.h -@@ -31,8 +31,6 @@ struct be_ptask { - unsigned int ro_seed; - time_t timeout; - time_t max_backoff; -- enum be_ptask_offline offline; -- enum be_ptask_schedule success_schedule_type; - be_ptask_send_t send_fn; - be_ptask_recv_t recv_fn; - void *pvt; -diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c -index 687d3f022..6cce38390 100644 ---- a/src/providers/be_refresh.c -+++ b/src/providers/be_refresh.c -@@ -173,11 +173,12 @@ static errno_t be_refresh_ctx_init(struct be_ctx *be_ctx, - refresh_interval = be_ctx->domain->refresh_expired_interval; - if (refresh_interval > 0) { - ret = be_ptask_create(be_ctx, be_ctx, refresh_interval, 30, 5, 0, -- refresh_interval, BE_PTASK_OFFLINE_SKIP, -- BE_PTASK_SCHEDULE_FROM_NOW, -- 0, -+ refresh_interval, 0, - be_refresh_send, be_refresh_recv, -- ctx, "Refresh Records", 0, NULL); -+ ctx, "Refresh Records", -+ BE_PTASK_OFFLINE_SKIP | -+ BE_PTASK_SCHEDULE_FROM_NOW, -+ NULL); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to initialize refresh periodic task [%d]: %s\n", 
-diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c -index f21669b8c..ce00231ff 100644 ---- a/src/providers/data_provider_be.c -+++ b/src/providers/data_provider_be.c -@@ -130,10 +130,10 @@ void be_mark_offline(struct be_ctx *ctx) - ret = be_ptask_create_sync(ctx, ctx, - offline_timeout, offline_timeout, - offline_timeout, 30, offline_timeout, -- BE_PTASK_OFFLINE_EXECUTE, - 3600 /* max_backoff */, - try_to_go_online, -- ctx, "Check if online (periodic)", 0, -+ ctx, "Check if online (periodic)", -+ BE_PTASK_OFFLINE_EXECUTE, - &ctx->check_if_online_ptask); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, -diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c -index 27852c2e2..f8831287a 100644 ---- a/src/providers/ipa/ipa_dyndns.c -+++ b/src/providers/ipa/ipa_dyndns.c -@@ -74,11 +74,12 @@ errno_t ipa_dyndns_init(struct be_ctx *be_ctx, - } - - ret = be_ptask_create(ctx, be_ctx, period, ptask_first_delay, 0, 0, period, -- BE_PTASK_OFFLINE_DISABLE, -- BE_PTASK_SCHEDULE_FROM_LAST, - 0, - ipa_dyndns_update_send, ipa_dyndns_update_recv, ctx, -- "Dyndns update", 0, NULL); -+ "Dyndns update", -+ BE_PTASK_OFFLINE_DISABLE | -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c -index 13e49c5c0..d000f1230 100644 ---- a/src/providers/ipa/ipa_subdomains.c -+++ b/src/providers/ipa/ipa_subdomains.c -@@ -3134,11 +3134,12 @@ errno_t ipa_subdomains_init(TALLOC_CTX *mem_ctx, - - period = be_ctx->domain->subdomain_refresh_interval; - ret = be_ptask_create(sd_ctx, be_ctx, period, ptask_first_delay, 0, 0, period, -- BE_PTASK_OFFLINE_DISABLE, -- BE_PTASK_SCHEDULE_FROM_LAST, - 0, - ipa_subdomains_ptask_send, ipa_subdomains_ptask_recv, sd_ctx, -- "Subdomains Refresh", 0, NULL); -+ "Subdomains Refresh", -+ BE_PTASK_OFFLINE_DISABLE | -+ 
BE_PTASK_SCHEDULE_FROM_LAST, -+ NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c -index df56f4da4..a62060337 100644 ---- a/src/providers/ldap/ldap_id_cleanup.c -+++ b/src/providers/ldap/ldap_id_cleanup.c -@@ -87,8 +87,9 @@ errno_t ldap_setup_cleanup(struct sdap_id_ctx *id_ctx, - - ret = be_ptask_create_sync(sdom, id_ctx->be, period, first_delay, - 5 /* enabled delay */, 0 /* random offset */, -- period /* timeout */, BE_PTASK_OFFLINE_SKIP, 0, -- ldap_cleanup_task, cleanup_ctx, name, 0, -+ period /* timeout */, 0, -+ ldap_cleanup_task, cleanup_ctx, name, -+ BE_PTASK_OFFLINE_SKIP, - &sdom->cleanup_task); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize cleanup periodic " -diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c -index 2137f6821..009d9d275 100644 ---- a/src/providers/ldap/ldap_id_enum.c -+++ b/src/providers/ldap/ldap_id_enum.c -@@ -98,11 +98,11 @@ errno_t ldap_setup_enumeration(struct be_ctx *be_ctx, - 5, /* enabled delay */ - 0, /* random offset */ - period, /* timeout */ -- BE_PTASK_OFFLINE_SKIP, -- BE_PTASK_SCHEDULE_FROM_LAST, - 0, /* max_backoff */ - send_fn, recv_fn, -- ectx, "enumeration", 0, &sdom->enum_task); -+ ectx, "enumeration", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &sdom->enum_task); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to initialize enumeration periodic task\n"); -diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c -index 59356bd44..062a95ab6 100644 ---- a/src/providers/ldap/sdap_sudo_shared.c -+++ b/src/providers/ldap/sdap_sudo_shared.c -@@ -90,11 +90,12 @@ sdap_sudo_ptask_setup_generic(struct be_ctx *be_ctx, - * when offline. 
*/ - if (full > 0) { - ret = be_ptask_create(be_ctx, be_ctx, full, delay, 0, 0, full, -- BE_PTASK_OFFLINE_DISABLE, -- BE_PTASK_SCHEDULE_FROM_LAST, - 0, - full_send_fn, full_recv_fn, pvt, -- "SUDO Full Refresh", 0, NULL); -+ "SUDO Full Refresh", -+ BE_PTASK_OFFLINE_DISABLE | -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup full refresh ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -@@ -109,11 +110,12 @@ sdap_sudo_ptask_setup_generic(struct be_ctx *be_ctx, - * when offline. */ - if (smart > 0) { - ret = be_ptask_create(be_ctx, be_ctx, smart, delay + smart, smart, 0, -- smart, BE_PTASK_OFFLINE_DISABLE, -- BE_PTASK_SCHEDULE_FROM_LAST, -- 0, -+ smart, 0, - smart_send_fn, smart_recv_fn, pvt, -- "SUDO Smart Refresh", 0, NULL); -+ "SUDO Smart Refresh", -+ BE_PTASK_OFFLINE_DISABLE | -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup smart refresh ptask " - "[%d]: %s\n", ret, sss_strerror(ret)); -diff --git a/src/tests/cmocka/test_be_ptask.c b/src/tests/cmocka/test_be_ptask.c -index ac8c0767f..b30775306 100644 ---- a/src/tests/cmocka/test_be_ptask.c -+++ b/src/tests/cmocka/test_be_ptask.c -@@ -304,9 +304,10 @@ void test_be_ptask_create_einval_be(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, NULL, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, NULL, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, NULL, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -318,9 +319,10 @@ void test_be_ptask_create_einval_period(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, 0, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, NULL, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, NULL, "Test 
ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -332,9 +334,10 @@ void test_be_ptask_create_einval_send(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, NULL, -- test_be_ptask_recv, NULL, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, NULL, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -346,9 +349,10 @@ void test_be_ptask_create_einval_recv(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- NULL, NULL, "Test ptask", 0, &ptask); -+ NULL, NULL, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -360,9 +364,72 @@ void test_be_ptask_create_einval_name(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, NULL, NULL, 0, &ptask); -+ test_be_ptask_recv, NULL, NULL, -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); -+ assert_int_equal(ret, EINVAL); -+ assert_null(ptask); -+} -+ -+void test_be_ptask_mixed_from_flags_einval(void **state) -+{ -+ struct test_ctx *test_ctx = (struct test_ctx *)(*state); -+ struct be_ptask *ptask = NULL; -+ errno_t ret; -+ -+ ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -+ 0, test_be_ptask_send, -+ test_be_ptask_recv, NULL, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | -+ BE_PTASK_SCHEDULE_FROM_LAST | -+ BE_PTASK_SCHEDULE_FROM_NOW, -+ &ptask); -+ assert_int_equal(ret, EINVAL); -+ assert_null(ptask); -+} -+ -+void 
test_be_ptask_no_from_flags_einval(void **state) -+{ -+ struct test_ctx *test_ctx = (struct test_ctx *)(*state); -+ struct be_ptask *ptask = NULL; -+ errno_t ret; -+ -+ ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -+ 0, test_be_ptask_send, -+ test_be_ptask_recv, NULL, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP, -+ &ptask); -+ assert_int_equal(ret, EINVAL); -+ assert_null(ptask); -+} -+void test_be_ptask_mixed_offline_flags_einval(void **state) -+{ -+ struct test_ctx *test_ctx = (struct test_ctx *)(*state); -+ struct be_ptask *ptask = NULL; -+ errno_t ret; -+ -+ ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -+ 0, test_be_ptask_send, -+ test_be_ptask_recv, NULL, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | -+ BE_PTASK_OFFLINE_DISABLE | -+ BE_PTASK_SCHEDULE_FROM_NOW, -+ &ptask); -+ assert_int_equal(ret, EINVAL); -+ assert_null(ptask); -+} -+void test_be_ptask_no_offline_flags_einval(void **state) -+{ -+ struct test_ctx *test_ctx = (struct test_ctx *)(*state); -+ struct be_ptask *ptask = NULL; -+ errno_t ret; -+ -+ ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -+ 0, test_be_ptask_send, -+ test_be_ptask_recv, NULL, "Test ptask", -+ BE_PTASK_SCHEDULE_FROM_NOW, -+ &ptask); - assert_int_equal(ret, EINVAL); - assert_null(ptask); - } -@@ -376,9 +443,10 @@ void test_be_ptask_create_no_delay(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -404,9 +472,10 @@ void test_be_ptask_create_first_delay(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, DELAY, 
0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -430,9 +499,10 @@ void test_be_ptask_disable(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -455,9 +525,10 @@ void test_be_ptask_enable(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -488,9 +559,10 @@ void test_be_ptask_enable_delay(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, DELAY, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -528,9 +600,10 @@ void test_be_ptask_offline_skip(void **state) - - now = get_current_time(); - ret = 
be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -562,10 +635,11 @@ void test_be_ptask_offline_disable(void **state) - will_return(be_add_offline_cb, test_ctx); - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_DISABLE, -- BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_DISABLE | -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -594,10 +668,11 @@ void test_be_ptask_offline_execute(void **state) - mark_offline(test_ctx); - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_EXECUTE, -- BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_EXECUTE | -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -623,9 +698,10 @@ void test_be_ptask_reschedule_ok(void **state) - - now = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - 
assert_non_null(ptask->timer); -@@ -655,9 +731,9 @@ void test_be_ptask_reschedule_null(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_null_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, - &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -683,9 +759,9 @@ void test_be_ptask_reschedule_error(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_error_recv, test_ctx, "Test ptask", 0, -+ test_be_ptask_error_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, - &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -711,9 +787,9 @@ void test_be_ptask_reschedule_timeout(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 1, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_timeout_send, -- test_be_ptask_error_recv, test_ctx, "Test ptask", 0, -+ test_be_ptask_error_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, - &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); -@@ -749,9 +825,10 @@ void test_be_ptask_reschedule_backoff(void **state) - - now_first = get_current_time(); - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - PERIOD*2, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ 
-804,9 +881,10 @@ void test_be_ptask_get_period(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - -@@ -825,9 +903,10 @@ void test_be_ptask_get_timeout(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, TIMEOUT, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, -- test_be_ptask_recv, test_ctx, "Test ptask", 0, &ptask); -+ test_be_ptask_recv, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP | BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - -@@ -845,10 +924,12 @@ void test_be_ptask_no_periodic(void **state) - errno_t ret; - - ret = be_ptask_create(test_ctx, test_ctx->be_ctx, 0, 0, DELAY, 0, 0, -- BE_PTASK_OFFLINE_SKIP, BE_PTASK_SCHEDULE_FROM_LAST, - 0, test_be_ptask_send, - test_be_ptask_recv, test_ctx, "Test ptask", -- BE_PTASK_NO_PERIODIC, &ptask); -+ BE_PTASK_NO_PERIODIC | -+ BE_PTASK_OFFLINE_SKIP | -+ BE_PTASK_SCHEDULE_FROM_LAST, -+ &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - -@@ -865,8 +946,8 @@ void test_be_ptask_create_sync(void **state) - - now = get_current_time(); - ret = be_ptask_create_sync(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_sync, -- test_ctx, "Test ptask", 0, &ptask); -+ 0, test_be_ptask_sync, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -893,8 +974,8 @@ void test_be_ptask_sync_reschedule_ok(void **state) - - now = get_current_time(); - ret = be_ptask_create_sync(test_ctx, 
test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, test_be_ptask_sync, -- test_ctx, "Test ptask", 0, &ptask); -+ 0, test_be_ptask_sync, test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -924,9 +1005,9 @@ void test_be_ptask_sync_reschedule_error(void **state) - errno_t ret; - - ret = be_ptask_create_sync(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, 0, -- test_be_ptask_sync_error, -- test_ctx, "Test ptask", 0, &ptask); -+ 0, test_be_ptask_sync_error, -+ test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -953,10 +1034,11 @@ void test_be_ptask_sync_reschedule_backoff(void **state) - errno_t ret; - - now_first = get_current_time(); -- ret = be_ptask_create_sync(test_ctx, test_ctx->be_ctx, PERIOD, 0, 0, 0, 0, -- BE_PTASK_OFFLINE_SKIP, PERIOD*2, -+ ret = be_ptask_create_sync(test_ctx, test_ctx->be_ctx, PERIOD, -+ 0, 0, 0, 0, PERIOD*2, - test_be_ptask_sync_error, -- test_ctx, "Test ptask", 0, &ptask); -+ test_ctx, "Test ptask", -+ BE_PTASK_OFFLINE_SKIP, &ptask); - assert_int_equal(ret, ERR_OK); - assert_non_null(ptask); - assert_non_null(ptask->timer); -@@ -1017,6 +1099,10 @@ int main(int argc, const char *argv[]) - new_test(be_ptask_create_einval_send), - new_test(be_ptask_create_einval_recv), - new_test(be_ptask_create_einval_name), -+ new_test(be_ptask_mixed_from_flags_einval), -+ new_test(be_ptask_no_from_flags_einval), -+ new_test(be_ptask_mixed_offline_flags_einval), -+ new_test(be_ptask_no_offline_flags_einval), - new_test(be_ptask_create_no_delay), - new_test(be_ptask_create_first_delay), - new_test(be_ptask_disable), --- -2.20.1 - diff --git a/SOURCES/0048-DYNDNS-dyndns_update-is-not-enough.patch b/SOURCES/0048-DYNDNS-dyndns_update-is-not-enough.patch deleted file mode 100644 index aee251f..0000000 
--- a/SOURCES/0048-DYNDNS-dyndns_update-is-not-enough.patch +++ /dev/null 
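Review bot: In src/tests/cmocka/test_be_ptask.c the be_ptask_create_sync() callers (test_be_ptask_create_sync and the three sync_reschedule tests) now pass only `BE_PTASK_OFFLINE_SKIP`, while the new test_be_ptask_no_from_flags_einval expects be_ptask_create() to return EINVAL for exactly that flag set. If the sync wrapper supplies a BE_PTASK_SCHEDULE_FROM_* flag itself, say so in its header comment, and add a test that passes a schedule flag to be_ptask_create_sync() so the intended behaviour is pinned down. Minor: test_be_ptask_mixed_offline_flags_einval and test_be_ptask_no_offline_flags_einval are missing the blank line that separates the other new tests from the preceding function.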
@@ -1,92 +0,0 @@ -From 07b5dd9640071cf5ca5cd91acfc84af8d0cf69fe Mon Sep 17 00:00:00 2001 -From: Tomas Halman -Date: Fri, 19 Jul 2019 16:52:43 +0200 -Subject: [PATCH 48/48] DYNDNS: dyndns_update is not enough -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When dyndns_update is set to True and dyndns_refresh_interval is -not set or set to 0, DNS is not updated at all. - -With this patch DNS is updated when sssd changes its state to -online. - -If dyndns_refresh_interval is set, updates are performed as -before - i. e. when comming online and then every -dyndns_refresh_interval. - -Resolves: -https://pagure.io/SSSD/sssd/issue/4047 - -Reviewed-by: Pavel Březina ---- - src/providers/ad/ad_dyndns.c | 6 ++++-- - src/providers/ipa/ipa_dyndns.c | 6 ++++-- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c -index c9763d449..00e1d253a 100644 ---- a/src/providers/ad/ad_dyndns.c -+++ b/src/providers/ad/ad_dyndns.c -@@ -56,6 +56,7 @@ errno_t ad_dyndns_init(struct be_ctx *be_ctx, - errno_t ret; - const time_t ptask_first_delay = 10; - int period; -+ uint32_t extraflags = 0; - - /* nsupdate is available. 
Dynamic updates - * are supported -@@ -93,15 +94,16 @@ errno_t ad_dyndns_init(struct be_ctx *be_ctx, - - period = dp_opt_get_int(ad_opts->dyndns_ctx->opts, DP_OPT_DYNDNS_REFRESH_INTERVAL); - if (period == 0) { -- DEBUG(SSSDBG_OP_FAILURE, "Dyndns update task can't be started, " -+ DEBUG(SSSDBG_TRACE_FUNC, "DNS will not be updated periodically, " - "dyndns_refresh_interval is 0\n"); -- return EINVAL; -+ extraflags |= BE_PTASK_NO_PERIODIC; - } - - ret = be_ptask_create(ad_opts, be_ctx, period, ptask_first_delay, 0, 0, - period, 0, - ad_dyndns_update_send, ad_dyndns_update_recv, ad_opts, - "Dyndns update", -+ extraflags | - BE_PTASK_OFFLINE_DISABLE | - BE_PTASK_SCHEDULE_FROM_LAST, - NULL); -diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c -index f8831287a..9404ea9cb 100644 ---- a/src/providers/ipa/ipa_dyndns.c -+++ b/src/providers/ipa/ipa_dyndns.c -@@ -58,6 +58,7 @@ errno_t ipa_dyndns_init(struct be_ctx *be_ctx, - errno_t ret; - const time_t ptask_first_delay = 10; - int period; -+ uint32_t extraflags = 0; - - ctx->be_res = be_ctx->be_res; - if (ctx->be_res == NULL) { -@@ -68,15 +69,16 @@ errno_t ipa_dyndns_init(struct be_ctx *be_ctx, - - period = dp_opt_get_int(ctx->dyndns_ctx->opts, DP_OPT_DYNDNS_REFRESH_INTERVAL); - if (period == 0) { -- DEBUG(SSSDBG_OP_FAILURE, "Dyndns task can't be started, " -+ DEBUG(SSSDBG_TRACE_FUNC, "DNS will not be updated periodically, " - "dyndns_refresh_interval is 0\n"); -- return EINVAL; -+ extraflags |= BE_PTASK_NO_PERIODIC; - } - - ret = be_ptask_create(ctx, be_ctx, period, ptask_first_delay, 0, 0, period, - 0, - ipa_dyndns_update_send, ipa_dyndns_update_recv, ctx, - "Dyndns update", -+ extraflags | - BE_PTASK_OFFLINE_DISABLE | - BE_PTASK_SCHEDULE_FROM_LAST, - NULL); --- -2.20.1 - diff --git a/SOURCES/0049-tests-Use-idm-DL1-module-to-install-389-ds.patch b/SOURCES/0049-tests-Use-idm-DL1-module-to-install-389-ds.patch deleted file mode 100644 index f3834ac..0000000 
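Review bot: In ad_dyndns_init() and ipa_dyndns_init() the new branch handles only `period == 0`, and the same `period` is still passed to be_ptask_create() a second time, in the argument position where test_be_ptask_get_timeout passes TIMEOUT, so the online-triggered update is created with a timeout of 0. Please confirm that 0 there means no timeout rather than immediate expiry, and consider rejecting a negative dyndns_refresh_interval explicitly, since `period` is an int and only the zero case is checked. The AD and IPA functions now carry identical `extraflags` logic; a shared helper would keep the two providers from drifting apart.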
--- a/SOURCES/0049-tests-Use-idm-DL1-module-to-install-389-ds.patch +++ /dev/null @@ -1,31 +0,0 @@ -From bd14c31c37da420d3a9c478cadded97545e6609a Mon Sep 17 00:00:00 2001 -From: "Niranjan M.R" -Date: Tue, 20 Aug 2019 15:19:14 +0530 -Subject: [PATCH] tests: Use idm:DL1 module to install 389-ds -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Niranjan M.R - -Reviewed-by: Michal Židek ---- - src/tests/multihost/basic/conftest.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py -index a9e9cf0a6..87f74031c 100644 ---- a/src/tests/multihost/basic/conftest.py -+++ b/src/tests/multihost/basic/conftest.py -@@ -42,7 +42,7 @@ def package_install(session_multihost): - if 'Fedora' in distro: - cmd = 'dnf install -y %s' % (pkg_list) - elif '8.' in distro.split()[5]: -- cmd = 'dnf module -y install 389-ds:1.4' -+ cmd = 'yum -y module enable idm:DL1' - session_multihost.master[0].run_command(cmd) - - --- -2.20.1 - diff --git a/SOURCES/0050-pam-keep-pin-on-the-PAM-stack-for-forward_pass.patch b/SOURCES/0050-pam-keep-pin-on-the-PAM-stack-for-forward_pass.patch deleted file mode 100644 index 0bfa18b..0000000 --- a/SOURCES/0050-pam-keep-pin-on-the-PAM-stack-for-forward_pass.patch +++ /dev/null 
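Review bot: In package_install() in src/tests/multihost/basic/conftest.py the RHEL 8 branch replaces `dnf module -y install 389-ds:1.4` with `yum -y module enable idm:DL1`, which only enables the module stream, although the subject says the module is used to install 389-ds. Nothing in this hunk installs packages afterwards, so either add the install step to this branch or state in the commit message where the installation happens. The message has no body, so the reason for dropping the 389-ds:1.4 stream is not recorded.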
@@ -1,135 +0,0 @@ -From e989620bd2b4f7094dee3ef740ba92d0cf45d0c8 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Mon, 19 Aug 2019 17:38:04 +0200 -Subject: [PATCH] pam: keep pin on the PAM stack for forward_pass -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Currently only the password or the long-term part of a two-factor -authentication was kept on the PM stack if pam_sss.so has the option -forward_pass. With this patch the Smartcard PIN can be forwarded to -other PAM modules as well. - -Related https://pagure.io/SSSD/sssd/issue/4067 - -Reviewed-by: Pavel Březina ---- - src/sss_client/pam_sss.c | 11 ++++++++++- - src/tests/cmocka/test_authtok.c | 5 +++++ - src/util/authtok-utils.c | 33 +++++++++++++++++++++++++++++++++ - src/util/authtok-utils.h | 10 ++++++++++ - 4 files changed, 58 insertions(+), 1 deletion(-) - -diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c -index cfd3e3731..e36407b72 100644 ---- a/src/sss_client/pam_sss.c -+++ b/src/sss_client/pam_sss.c -@@ -2116,6 +2116,7 @@ static int get_authtok_for_authentication(pam_handle_t *pamh, - uint32_t flags) - { - int ret; -+ const char *pin = NULL; - - if ((flags & PAM_CLI_FLAGS_USE_FIRST_PASS) - || ( pi->pamstack_authtok != NULL -@@ -2166,11 +2167,19 @@ static int get_authtok_for_authentication(pam_handle_t *pamh, - if (flags & PAM_CLI_FLAGS_FORWARD_PASS) { - if (pi->pam_authtok_type == SSS_AUTHTOK_TYPE_PASSWORD) { - ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_authtok); -+ } else if (pi->pam_authtok_type == SSS_AUTHTOK_TYPE_SC_PIN) { -+ pin = sss_auth_get_pin_from_sc_blob((uint8_t *) pi->pam_authtok, -+ pi->pam_authtok_size); -+ if (pin != NULL) { -+ ret = pam_set_item(pamh, PAM_AUTHTOK, pin); -+ } else { -+ ret = PAM_SYSTEM_ERR; -+ } - } else if (pi->pam_authtok_type == SSS_AUTHTOK_TYPE_2FA - && pi->first_factor != NULL) { - ret = pam_set_item(pamh, PAM_AUTHTOK, pi->first_factor); - } else { -- ret = EINVAL; -+ ret = PAM_SYSTEM_ERR; - } - if 
(ret != PAM_SUCCESS) { - D(("Failed to set PAM_AUTHTOK [%s], " -diff --git a/src/tests/cmocka/test_authtok.c b/src/tests/cmocka/test_authtok.c -index 84e209783..a8f5bdee7 100644 ---- a/src/tests/cmocka/test_authtok.c -+++ b/src/tests/cmocka/test_authtok.c -@@ -473,6 +473,11 @@ void test_sss_authtok_sc_blobs(void **state) - needed_size); - #endif - -+ pin = sss_auth_get_pin_from_sc_blob(buf, needed_size); -+ assert_non_null(pin); -+ assert_string_equal(pin, "abc"); -+ pin = NULL; -+ - ret = sss_authtok_set(ts->authtoken, SSS_AUTHTOK_TYPE_SC_PIN, buf, - needed_size); - assert_int_equal(ret, EOK); -diff --git a/src/util/authtok-utils.c b/src/util/authtok-utils.c -index e7123df34..e50f86741 100644 ---- a/src/util/authtok-utils.c -+++ b/src/util/authtok-utils.c -@@ -163,3 +163,36 @@ errno_t sss_auth_pack_sc_blob(const char *pin, size_t pin_len, - - return 0; - } -+ -+const char *sss_auth_get_pin_from_sc_blob(uint8_t *blob, size_t blob_len) -+{ -+ size_t c = 0; -+ uint32_t pin_len; -+ uint32_t token_name_len; -+ uint32_t module_name_len; -+ uint32_t key_id_len; -+ -+ if (blob == NULL || blob_len == 0) { -+ return NULL; -+ } -+ -+ SAFEALIGN_COPY_UINT32(&pin_len, blob, &c); -+ if (pin_len == 0) { -+ return NULL; -+ } -+ -+ SAFEALIGN_COPY_UINT32(&token_name_len, blob + c, &c); -+ SAFEALIGN_COPY_UINT32(&module_name_len, blob + c, &c); -+ SAFEALIGN_COPY_UINT32(&key_id_len, blob + c, &c); -+ -+ if (blob_len != 4 * sizeof(uint32_t) + pin_len + token_name_len -+ + module_name_len + key_id_len) { -+ return NULL; -+ } -+ -+ if (blob[c + pin_len - 1] != '\0') { -+ return NULL; -+ } -+ -+ return (const char *) blob + c; -+} -diff --git a/src/util/authtok-utils.h b/src/util/authtok-utils.h -index c5aace39f..714c8187e 100644 ---- a/src/util/authtok-utils.h -+++ b/src/util/authtok-utils.h -@@ -123,4 +123,14 @@ errno_t sss_auth_unpack_sc_blob(TALLOC_CTX *mem_ctx, - char **token_name, size_t *_token_name_len, - char **module_name, size_t *_module_name_len, - char **key_id, size_t 
*_key_id_len); -+ -+/** -+ * @brief Return a pointer to the PIN string in the memory buffer -+ * -+ * @param[in] blob Memory buffer containing the 2FA data -+ * @param[in] blob_len Size of the memory buffer -+ * -+ * @return pointer to 0-terminate PIN string in the memory buffer -+ */ -+const char *sss_auth_get_pin_from_sc_blob(uint8_t *blob, size_t blob_len); - #endif /* __AUTHTOK_UTILS_H__ */ --- -2.20.1 - diff --git a/SOURCES/0051-BE-Invalid-oprator-used-in-condition.patch b/SOURCES/0051-BE-Invalid-oprator-used-in-condition.patch deleted file mode 100644 index 2bd6778..0000000 --- a/SOURCES/0051-BE-Invalid-oprator-used-in-condition.patch +++ /dev/null 
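Review bot: sss_auth_get_pin_from_sc_blob() in src/util/authtok-utils.c reads four uint32_t length fields with SAFEALIGN_COPY_UINT32 after checking only `blob_len == 0`, so a blob shorter than `4 * sizeof(uint32_t)` is read past its end before the size comparison runs. Reject `blob_len < 4 * sizeof(uint32_t)` up front, and compute the expected size with overflow checks, because where size_t is 32 bits the four lengths taken from the blob can wrap and still satisfy the equality, after which `blob[c + pin_len - 1]` indexes outside the buffer. The test added in test_authtok.c covers only a well-formed blob; add cases for a short blob, inconsistent lengths and a PIN without the terminating zero. Minor: the header comment describes the buffer as "2FA data" although this is the Smartcard blob, and the `blob` parameter can be `const uint8_t *` since the function does not modify it.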
@@ -1,40 +0,0 @@ -From 7fcd0a70d6dcaab3aa8f2a84ce9dc939ec350415 Mon Sep 17 00:00:00 2001 -From: Tomas Halman -Date: Wed, 21 Aug 2019 17:00:44 +0200 -Subject: [PATCH] BE: Invalid oprator used in condition -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There is wrong binary or used in condition. We have to use & here - -Related to https://bugzilla.redhat.com/show_bug.cgi?id=1744134 - -Reviewed-by: Pavel Březina ---- - src/providers/be_ptask.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/providers/be_ptask.c b/src/providers/be_ptask.c -index 8d75d51d1..319e44aa8 100644 ---- a/src/providers/be_ptask.c -+++ b/src/providers/be_ptask.c -@@ -228,13 +228,13 @@ static void be_ptask_schedule(struct be_ptask *task, - delay = delay + (sss_rand() % task->random_offset); - } - -- if(from | BE_PTASK_SCHEDULE_FROM_NOW) { -+ if(from & BE_PTASK_SCHEDULE_FROM_NOW) { - tv = tevent_timeval_current_ofs(delay, 0); - - DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: scheduling task %lu seconds " - "from now [%lu]\n", task->name, delay, tv.tv_sec); - } -- else if (from | BE_PTASK_SCHEDULE_FROM_LAST) { -+ else if (from & BE_PTASK_SCHEDULE_FROM_LAST) { - tv = tevent_timeval_set(task->last_execution + delay, 0); - - DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: scheduling task %lu seconds " --- -2.20.1 - diff --git a/SOURCES/0052-TESTS-Sync.-multihost-kcm-tests-with-master.patch b/SOURCES/0052-TESTS-Sync.-multihost-kcm-tests-with-master.patch deleted file mode 100644 index fd8028d..0000000 --- a/SOURCES/0052-TESTS-Sync.-multihost-kcm-tests-with-master.patch +++ /dev/null 
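Review bot: The operator fix in be_ptask_schedule() in src/providers/be_ptask.c comes without a regression test: with `from | BE_PTASK_SCHEDULE_FROM_NOW` the first branch was always taken, so a task created with BE_PTASK_SCHEDULE_FROM_LAST was scheduled from the current time, and nothing in this one-file change would catch that coming back. A cmocka test that creates a task with BE_PTASK_SCHEDULE_FROM_LAST and asserts the next run is computed from `task->last_execution` would cover it. Style: `if(from & ...)` lacks the space after `if` that the `else if (` line below it uses.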
@@ -1,192 +0,0 @@ -From 4c77f1d5172b427aad0124d7970fb6905fb0a14a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Mon, 2 Sep 2019 02:01:54 +0200 -Subject: [PATCH] TESTS: Sync. multihost kcm tests with master - ---- - src/tests/multihost/basic/conftest.py | 8 ++ - src/tests/multihost/basic/test_kcm.py | 138 ++++++++++++++++++++++++++ - 2 files changed, 146 insertions(+) - -diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py -index 87f74031c..dd3c6f001 100644 ---- a/src/tests/multihost/basic/conftest.py -+++ b/src/tests/multihost/basic/conftest.py -@@ -397,6 +397,14 @@ def create_posix_usersgroups(session_multihost): - assert ret == 'Success' - - -+@pytest.fixture(scope='session') -+def create_many_user_principals(session_multihost): -+ krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST') -+ for i in range(1, 65): -+ username = "user%04d" % i -+ krb.add_principal(username, 'user', 'Secret123') -+ -+ - @pytest.fixture(scope="session", autouse=True) - def setup_session(request, session_multihost, - package_install, -diff --git a/src/tests/multihost/basic/test_kcm.py b/src/tests/multihost/basic/test_kcm.py -index 54b3f7ecd..f18748af7 100644 ---- a/src/tests/multihost/basic/test_kcm.py -+++ b/src/tests/multihost/basic/test_kcm.py -@@ -3,6 +3,7 @@ from sssd.testlib.common.utils import SSHClient - import paramiko - import pytest - import os -+import re - from utils_config import set_param, remove_section - - -@@ -38,6 +39,11 @@ class TestSanityKCM(object): - os.remove(local_kcm_log_file) - return nlines - -+ def _remove_secret_db(self, multihost): -+ multihost.master[0].run_command( -+ 'rm -f /var/lib/sss/secrets/secrets.ldb') -+ self._restart_kcm(multihost) -+ - def test_kinit_kcm(self, multihost, enable_kcm): - """ - @Title: kcm: Run kinit with KRB5CCNAME=KCM -@@ -175,3 +181,135 @@ class TestSanityKCM(object): - if 'KCM:14583109' in line: - has_cache = True - assert has_cache is True -+ -+ def 
test_kvno_display(self, multihost, enable_kcm): -+ """ -+ @Title: kcm: Test kvno correctly displays vesion numbers of principals -+ #https://pagure.io/SSSD/sssd/issue/3757 -+ """ -+ ssh = SSHClient(multihost.master[0].sys_hostname, -+ username='foo4', password='Secret123') -+ host_princ = 'host/%s@%s' % (multihost.master[0].sys_hostname, -+ 'EXAMPLE.TEST') -+ kvno_cmd = 'kvno %s' % (host_princ) -+ (stdout, _, exit_status) = ssh.execute_cmd(kvno_cmd) -+ for line in stdout.readlines(): -+ kvno_check = re.search(r'%s: kvno = (\d+)' % host_princ, line) -+ if kvno_check: -+ print(kvno_check.group()) -+ else: -+ pytest.fail("kvno display was improper") -+ ssh.close() -+ -+ def test_kcm_peruid_quota(self, -+ multihost, -+ enable_kcm, -+ create_many_user_principals): -+ """ -+ @Title: kcm: Make sure the quota limits a client, but only that client -+ """ -+ # It is easier to keep these tests stable and independent from others -+ # if they start from a clean slate -+ self._remove_secret_db(multihost) -+ -+ ssh_foo2 = SSHClient(multihost.master[0].sys_hostname, -+ username='foo2', password='Secret123') -+ ssh_foo3 = SSHClient(multihost.master[0].sys_hostname, -+ username='foo3', password='Secret123') -+ -+ # The loop would request 63 users, plus there is foo3 we authenticated -+ # earlier, so this should exactly deplete the quota, but should succeed -+ for i in range(1, 64): -+ username = "user%04d" % i -+ (_, _, exit_status) = ssh_foo3.execute_cmd('kinit %s' % username, -+ stdin='Secret123') -+ assert exit_status == 0 -+ -+ # this kinit should be exactly one over the peruid limit -+ (_, _, exit_status) = ssh_foo3.execute_cmd('kinit user0064', -+ stdin='Secret123') -+ assert exit_status != 0 -+ -+ # Since this is a per-uid limit, another user should be able to kinit -+ # just fine -+ (_, _, exit_status) = ssh_foo2.execute_cmd('kinit user0064', -+ stdin='Secret123') -+ assert exit_status == 0 -+ -+ # kdestroy as the original user, the quota should allow a subsequent -+ # kinit 
-+ ssh_foo3.execute_cmd('kdestroy -A') -+ (_, _, exit_status) = ssh_foo3.execute_cmd('kinit user0064', -+ stdin='Secret123') -+ assert exit_status == 0 -+ -+ ssh_foo2.execute_cmd('kdestroy -A') -+ ssh_foo2.close() -+ ssh_foo3.execute_cmd('kdestroy -A') -+ ssh_foo3.close() -+ -+ def test_kcm_peruid_quota_increase(self, -+ multihost, -+ enable_kcm, -+ create_many_user_principals): -+ """ -+ @Title: kcm: Quota increase -+ -+ Increasing the peruid quota allows a client to store more -+ data -+ """ -+ # It is easier to keep these tests stable and independent from others -+ # if they start from a clean slate -+ self._remove_secret_db(multihost) -+ -+ ssh_foo3 = SSHClient(multihost.master[0].sys_hostname, -+ username='foo3', password='Secret123') -+ -+ # The loop would request 63 users, plus there is foo3 we authenticated -+ # earlier, so this should exactly deplete the quota, but should succeed -+ for i in range(1, 64): -+ username = "user%04d" % i -+ (_, _, exit_status) = ssh_foo3.execute_cmd('kinit %s' % username, -+ stdin='Secret123') -+ assert exit_status == 0 -+ -+ # this kinit should be exactly one over the peruid limit -+ (_, _, exit_status) = ssh_foo3.execute_cmd('kinit user0064', -+ stdin='Secret123') -+ assert exit_status != 0 -+ -+ set_param(multihost, 'kcm', 'max_uid_ccaches', '65') -+ self._restart_kcm(multihost) -+ -+ # Now the kinit should work as we increased the limit -+ (_, _, exit_status) = ssh_foo3.execute_cmd('kinit user0064', -+ stdin='Secret123') -+ assert exit_status == 0 -+ -+ ssh_foo3.execute_cmd('kdestroy -A') -+ ssh_foo3.close() -+ -+ def test_kcm_payload_low_quota(self, -+ multihost, -+ enable_kcm): -+ """ -+ @Title: kcm: Quota enforcement -+ -+ Set a prohibitive quota for the per-ccache payload limit and -+ make sure it gets enforced -+ """ -+ # It is easier to keep these tests stable and independent from others -+ # if they start from a clean slate -+ self._remove_secret_db(multihost) -+ -+ ssh_foo3 = 
SSHClient(multihost.master[0].sys_hostname, -+ username='foo3', password='Secret123') -+ ssh_foo3.execute_cmd('kdestroy -A') -+ ssh_foo3.close() -+ -+ set_param(multihost, 'kcm', 'max_ccache_size', '1') -+ self._restart_kcm(multihost) -+ -+ with pytest.raises(paramiko.ssh_exception.AuthenticationException): -+ ssh_foo3 = SSHClient(multihost.master[0].sys_hostname, -+ username='foo3', password='Secret123') --- -2.20.1 - diff --git a/SOURCES/0053-KCM-Add-a-forgotten-return.patch b/SOURCES/0053-KCM-Add-a-forgotten-return.patch deleted file mode 100644 index 6ddf5ba..0000000 --- a/SOURCES/0053-KCM-Add-a-forgotten-return.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 80cf912405c06254008e3c3766f438b8e0f03af7 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 27 Aug 2019 14:27:21 +0200 -Subject: [PATCH 53/55] KCM: Add a forgotten return -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Michal Židek ---- - src/responder/kcm/kcmsrv_ops.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c -index 1160c93f9..d8a7b03c5 100644 ---- a/src/responder/kcm/kcmsrv_ops.c -+++ b/src/responder/kcm/kcmsrv_ops.c -@@ -1685,6 +1685,7 @@ static void kcm_op_set_default_ccache_getbyname_done(struct tevent_req *subreq) - DEBUG(SSSDBG_TRACE_LIBS, - "The ccache does not exist, creating a new one\n"); - kcm_op_set_default_create_step(req); -+ return; - } else if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Cannot get ccache by name [%d]: %s\n", --- -2.20.1 - diff --git a/SOURCES/0054-KCM-Allow-modifications-of-ccache-s-principal.patch b/SOURCES/0054-KCM-Allow-modifications-of-ccache-s-principal.patch deleted file mode 100644 index c60f90c..0000000 --- a/SOURCES/0054-KCM-Allow-modifications-of-ccache-s-principal.patch +++ /dev/null 
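Review bot: In src/tests/multihost/basic/test_kcm.py, test_kcm_peruid_quota_increase and test_kcm_payload_low_quota change `max_uid_ccaches` and `max_ccache_size` through set_param() and never restore them, and _remove_secret_db() only deletes secrets.ldb and restarts KCM, so every later test in the session runs with `max_ccache_size` set to 1. Restore the settings in a finalizer (remove_section is already imported) and restart KCM afterwards. In test_kvno_display the `else: pytest.fail(...)` fires for any output line that does not match the regex, `exit_status` is never checked, and `ssh.close()` is skipped when the test fails; assert on `exit_status`, require at least one matching line, and close the connection in a `finally` block. The same applies to the quota tests, where a failing assert leaves ssh_foo2 and ssh_foo3 open with credentials still cached.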
@@ -1,188 +0,0 @@ -From 436cf4c15b7659b21205affd6743aa6159c55b5c Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 28 Aug 2019 14:22:49 +0200 -Subject: [PATCH 54/55] KCM: Allow modifications of ccache's principal -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Related: -https://pagure.io/SSSD/sssd/issue/4017 - -This patch will be useful to fix credential delegation. - -Reviewed-by: Michal Židek ---- - src/responder/kcm/kcmsrv_ccache.c | 37 +++++++++++++++++++++-- - src/responder/kcm/kcmsrv_ccache.h | 5 +-- - src/responder/kcm/kcmsrv_ccache_mem.c | 8 ++++- - src/responder/kcm/kcmsrv_ccache_secdb.c | 8 ++++- - src/responder/kcm/kcmsrv_ccache_secrets.c | 9 +++++- - src/responder/kcm/kcmsrv_ops.c | 4 +-- - 6 files changed, 60 insertions(+), 11 deletions(-) - -diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c -index 085cc4464..e24da9aa2 100644 ---- a/src/responder/kcm/kcmsrv_ccache.c -+++ b/src/responder/kcm/kcmsrv_ccache.c -@@ -1089,25 +1089,56 @@ errno_t kcm_ccdb_create_cc_recv(struct tevent_req *req) - return EOK; - } - --void kcm_mod_ctx_clear(struct kcm_mod_ctx *mod_ctx) -+static void kcm_mod_ctx_clear(struct kcm_mod_ctx *mod_ctx) - { - if (mod_ctx == NULL) { - return; - } - - mod_ctx->kdc_offset = INT32_MAX; -+ if (mod_ctx->client != NULL) { -+ krb5_free_principal(NULL, mod_ctx->client); -+ mod_ctx->client = NULL; -+ } -+ -+ return; -+} -+ -+struct kcm_mod_ctx *kcm_mod_ctx_new(TALLOC_CTX *mem_ctx) -+{ -+ struct kcm_mod_ctx *mod_ctx; -+ -+ mod_ctx = talloc_zero(mem_ctx, struct kcm_mod_ctx); -+ if (mod_ctx == NULL) { -+ return NULL; -+ } -+ -+ kcm_mod_ctx_clear(mod_ctx); -+ return mod_ctx; - } - --void kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx) -+errno_t kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx) - { - if (cc == NULL || mod_ctx == NULL) { -- return; -+ return EINVAL; - } - - if (mod_ctx->kdc_offset != INT32_MAX) { - cc->kdc_offset = 
mod_ctx->kdc_offset; - } - -+ if (mod_ctx->client != NULL) { -+ krb5_error_code kret; -+ -+ kret = krb5_copy_principal(NULL, mod_ctx->client, &cc->client); -+ if (kret != 0) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "krb5_copy_principal failed: %d\n", kret); -+ return ERR_INTERNAL; -+ } -+ } -+ -+ return EOK; - } - - struct kcm_ccdb_mod_cc_state { -diff --git a/src/responder/kcm/kcmsrv_ccache.h b/src/responder/kcm/kcmsrv_ccache.h -index 199b75b16..220220ca9 100644 ---- a/src/responder/kcm/kcmsrv_ccache.h -+++ b/src/responder/kcm/kcmsrv_ccache.h -@@ -257,13 +257,14 @@ errno_t kcm_ccdb_create_cc_recv(struct tevent_req *req); - */ - struct kcm_mod_ctx { - int32_t kdc_offset; -+ krb5_principal client; - /* More settable properties (like name, when we support renames - * will be added later - */ - }; - --void kcm_mod_ctx_clear(struct kcm_mod_ctx *mod_ctx); --void kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx); -+struct kcm_mod_ctx *kcm_mod_ctx_new(TALLOC_CTX *mem_ctx); -+errno_t kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx); - - struct tevent_req *kcm_ccdb_mod_cc_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -diff --git a/src/responder/kcm/kcmsrv_ccache_mem.c b/src/responder/kcm/kcmsrv_ccache_mem.c -index 35955b2f4..18c3878ad 100644 ---- a/src/responder/kcm/kcmsrv_ccache_mem.c -+++ b/src/responder/kcm/kcmsrv_ccache_mem.c -@@ -676,7 +676,13 @@ static struct tevent_req *ccdb_mem_mod_send(TALLOC_CTX *mem_ctx, - goto immediate; - } - -- kcm_mod_cc(ccwrap->cc, mod_cc); -+ ret = kcm_mod_cc(ccwrap->cc, mod_cc); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "Cannot modify ccache [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ goto immediate; -+ } - - ret = EOK; - immediate: -diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c -index 26ee1032d..32137a66e 100644 ---- a/src/responder/kcm/kcmsrv_ccache_secdb.c -+++ b/src/responder/kcm/kcmsrv_ccache_secdb.c -@@ -1290,7 +1290,13 @@ static struct tevent_req 
*ccdb_secdb_mod_send(TALLOC_CTX *mem_ctx, - goto immediate; - } - -- kcm_mod_cc(cc, mod_cc); -+ ret = kcm_mod_cc(cc, mod_cc); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "Cannot modify ccache [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ goto immediate; -+ } - - ret = kcm_ccache_to_sec_input(state, cc, client, &payload); - if (ret != EOK) { -diff --git a/src/responder/kcm/kcmsrv_ccache_secrets.c b/src/responder/kcm/kcmsrv_ccache_secrets.c -index 7b019fded..83c16974d 100644 ---- a/src/responder/kcm/kcmsrv_ccache_secrets.c -+++ b/src/responder/kcm/kcmsrv_ccache_secrets.c -@@ -1846,7 +1846,14 @@ static void ccdb_sec_mod_cred_get_done(struct tevent_req *subreq) - return; - } - -- kcm_mod_cc(cc, state->mod_cc); -+ ret = kcm_mod_cc(cc, state->mod_cc); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "Cannot modify ccache [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ tevent_req_error(req, ret); -+ return; -+ } - - ret = kcm_ccache_to_sec_kv(state, cc, state->client, &url, &payload); - if (ret != EOK) { -diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c -index d8a7b03c5..8bd63165b 100644 ---- a/src/responder/kcm/kcmsrv_ops.c -+++ b/src/responder/kcm/kcmsrv_ops.c -@@ -1990,13 +1990,11 @@ static void kcm_op_set_kdc_offset_getbyname_done(struct tevent_req *subreq) - return; - } - -- mod_ctx = talloc(state, struct kcm_mod_ctx); -+ mod_ctx = kcm_mod_ctx_new(state); - if (mod_ctx == NULL) { - tevent_req_error(req, ENOMEM); - return; - } -- -- kcm_mod_ctx_clear(mod_ctx); - mod_ctx->kdc_offset = be32toh(offset_be); - - subreq = kcm_ccdb_mod_cc_send(state, --- -2.20.1 - diff --git a/SOURCES/0055-KCM-Fill-empty-cache-do-not-initialize-a-new-one.patch b/SOURCES/0055-KCM-Fill-empty-cache-do-not-initialize-a-new-one.patch deleted file mode 100644 index 1a7d461..0000000 --- a/SOURCES/0055-KCM-Fill-empty-cache-do-not-initialize-a-new-one.patch +++ /dev/null 
@@ -1,160 +0,0 @@ -From dbcd8411643a641316696f221860517ab06879ba Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 28 Aug 2019 14:23:18 +0200 -Subject: [PATCH 55/55] KCM: Fill empty cache, do not initialize a new one -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Related: -https://pagure.io/SSSD/sssd/issue/4017 - -openssh uses this sequence of calls: - gen_new() - switch() - initialize() - -What happened before was that if there was already some cache, gen_new -would create a new empty cache, then switch would set it as the default. -But then, during the initialize call, the cache that used to be the -default was deleted, another one created and used as the default. This -meant. Afterwards, KCM would store the credentials in the previous -cache, which would no longer be the default. - -The logic behind was that KCM didn't anticipate the client generating -the new and setting the default on its own. - -Reviewed-by: Michal Židek ---- - src/responder/kcm/kcmsrv_ops.c | 84 +++++++++++++++++++++++++++++++++- - 1 file changed, 82 insertions(+), 2 deletions(-) - -diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c -index 8bd63165b..2181ec6e6 100644 ---- a/src/responder/kcm/kcmsrv_ops.c -+++ b/src/responder/kcm/kcmsrv_ops.c -@@ -367,6 +367,8 @@ struct kcm_op_initialize_state { - static void kcm_op_initialize_got_byname(struct tevent_req *subreq); - static void kcm_op_initialize_cc_create_done(struct tevent_req *subreq); - static void kcm_op_initialize_cc_delete_done(struct tevent_req *subreq); -+static void kcm_op_initialize_fill_princ_step(struct tevent_req *req); -+static void kcm_op_initialize_fill_princ_done(struct tevent_req *subreq); - static void kcm_op_initialize_create_step(struct tevent_req *req); - static void kcm_op_initialize_got_default(struct tevent_req *subreq); - static void kcm_op_initialize_set_default_done(struct tevent_req *subreq); -@@ -450,6 +452,15 @@ static void 
kcm_op_initialize_got_byname(struct tevent_req *subreq) - } - - if (state->new_cc != NULL) { -+ if (kcm_cc_get_client_principal(state->new_cc) == NULL) { -+ /* This is a cache that was pre-created w/o a principal (sshd does this), -+ * let's fill in the principal and set the cache as default if not -+ * already -+ */ -+ kcm_op_initialize_fill_princ_step(req); -+ return; -+ } -+ - ok = kcm_cc_access(state->new_cc, state->op_ctx->client); - if (!ok) { - state->op_ret = EACCES; -@@ -501,6 +512,70 @@ static void kcm_op_initialize_cc_delete_done(struct tevent_req *subreq) - kcm_op_initialize_create_step(req); - } - -+static void kcm_op_initialize_fill_princ_step(struct tevent_req *req) -+{ -+ struct tevent_req *subreq; -+ struct kcm_op_initialize_state *state = tevent_req_data(req, -+ struct kcm_op_initialize_state); -+ errno_t ret; -+ struct kcm_mod_ctx *mod_ctx; -+ uuid_t uuid; -+ -+ mod_ctx = kcm_mod_ctx_new(state); -+ if (mod_ctx == NULL) { -+ tevent_req_error(req, ENOMEM); -+ return; -+ } -+ mod_ctx->client = state->princ; -+ -+ ret = kcm_cc_get_uuid(state->new_cc, uuid); -+ if (ret != EOK) { -+ tevent_req_error(req, ret); -+ return; -+ } -+ -+ subreq = kcm_ccdb_mod_cc_send(state, -+ state->ev, -+ state->op_ctx->kcm_data->db, -+ state->op_ctx->client, -+ uuid, -+ mod_ctx); -+ if (subreq == NULL) { -+ tevent_req_error(req, ENOMEM); -+ return; -+ } -+ tevent_req_set_callback(subreq, kcm_op_initialize_fill_princ_done, req); -+} -+ -+static void kcm_op_initialize_fill_princ_done(struct tevent_req *subreq) -+{ -+ struct tevent_req *req = tevent_req_callback_data(subreq, -+ struct tevent_req); -+ struct kcm_op_initialize_state *state = tevent_req_data(req, -+ struct kcm_op_initialize_state); -+ errno_t ret; -+ -+ ret = kcm_ccdb_mod_cc_recv(subreq); -+ talloc_zfree(subreq); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "Cannot modify ccache [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ tevent_req_error(req, ret); -+ return; -+ } -+ -+ /* Make sure the cache we just 
initialized is the default one */ -+ subreq = kcm_ccdb_get_default_send(state, state->ev, -+ state->op_ctx->kcm_data->db, -+ state->op_ctx->client); -+ if (subreq == NULL) { -+ tevent_req_error(req, ret); -+ return; -+ } -+ tevent_req_set_callback(subreq, kcm_op_initialize_got_default, req); -+} -+ - static void kcm_op_initialize_create_step(struct tevent_req *req) - { - struct tevent_req *subreq; -@@ -588,11 +663,14 @@ static void kcm_op_initialize_got_default(struct tevent_req *subreq) - ret = kcm_cc_get_uuid(state->new_cc, dfl_uuid); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, -- "Cannot get new ccache UUID [%d]: %s\n", -- ret, sss_strerror(ret)); -+ "Cannot get new ccache UUID [%d]: %s\n", -+ ret, sss_strerror(ret)); - return; - } - -+ DEBUG(SSSDBG_TRACE_FUNC, -+ "The default ccached was not set, switching to the " -+ "initialized\n"); - subreq = kcm_ccdb_set_default_send(state, - state->ev, - state->op_ctx->kcm_data->db, -@@ -1756,6 +1834,8 @@ static void kcm_op_set_default_create_step_done(struct tevent_req *subreq) - return; - } - -+ DEBUG(SSSDBG_TRACE_FUNC, "The ccache was created, switching to it"); -+ - ret = kcm_cc_get_uuid(state->new_cc, state->dfl_uuid); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, --- -2.20.1 - diff --git a/SOURCES/0056-p11_child-check-if-card-is-present-in-wait_for_card.patch b/SOURCES/0056-p11_child-check-if-card-is-present-in-wait_for_card.patch deleted file mode 100644 index e31740a..0000000 --- a/SOURCES/0056-p11_child-check-if-card-is-present-in-wait_for_card.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -From 7b647338a40d701c6a5bb51c48c10a31a6b72699 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Thu, 30 Jan 2020 13:14:14 +0100 -Subject: [PATCH 24/25] p11_child: check if card is present in wait_for_card() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Some implementations of C_WaitForSlotEvent() might return even if no -card was inserted. So it has to be checked if a card is really present. - -Resolves: https://pagure.io/SSSD/sssd/issue/4159 - -Reviewed-by: Pavel Březina ---- - src/p11_child/p11_child_openssl.c | 47 ++++++++++++++++--------------- - 1 file changed, 25 insertions(+), 22 deletions(-) - -diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c -index 56601b117..295715612 100644 ---- a/src/p11_child/p11_child_openssl.c -+++ b/src/p11_child/p11_child_openssl.c -@@ -1546,35 +1546,38 @@ static errno_t wait_for_card(CK_FUNCTION_LIST *module, CK_SLOT_ID *slot_id) - CK_RV rv; - CK_SLOT_INFO info; - -- rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL); -- if (rv != CKR_OK) { -- if (rv != CKR_FUNCTION_NOT_SUPPORTED) { -+ do { -+ rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL); -+ if (rv != CKR_OK && rv != CKR_FUNCTION_NOT_SUPPORTED) { - DEBUG(SSSDBG_OP_FAILURE, - "C_WaitForSlotEvent failed [%lu][%s].\n", - rv, p11_kit_strerror(rv)); - return EIO; - } - -- /* Poor man's wait */ -- do { -+ if (rv == CKR_FUNCTION_NOT_SUPPORTED) { -+ /* Poor man's wait */ - sleep(10); -- rv = module->C_GetSlotInfo(*slot_id, &info); -- if (rv != CKR_OK) { -- DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n"); -- return EIO; -- } -- DEBUG(SSSDBG_TRACE_ALL, -- "Description [%s] Manufacturer [%s] flags [%lu] " -- "removable [%s] token present [%s].\n", -- info.slotDescription, info.manufacturerID, info.flags, -- (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false", -- (info.flags & CKF_TOKEN_PRESENT) ? 
"true": "false"); -- if ((info.flags & CKF_REMOVABLE_DEVICE) -- && (info.flags & CKF_TOKEN_PRESENT)) { -- break; -- } -- } while (true); -- } -+ } -+ -+ rv = module->C_GetSlotInfo(*slot_id, &info); -+ if (rv != CKR_OK) { -+ DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n"); -+ return EIO; -+ } -+ DEBUG(SSSDBG_TRACE_ALL, -+ "Description [%s] Manufacturer [%s] flags [%lu] " -+ "removable [%s] token present [%s].\n", -+ info.slotDescription, info.manufacturerID, info.flags, -+ (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false", -+ (info.flags & CKF_TOKEN_PRESENT) ? "true": "false"); -+ -+ /* Check if really a token is present */ -+ if ((info.flags & CKF_REMOVABLE_DEVICE) -+ && (info.flags & CKF_TOKEN_PRESENT)) { -+ break; -+ } -+ } while (true); - - return EOK; - } --- -2.20.1 - diff --git a/SOURCES/0057-PAM-client-only-require-UID-0-for-private-socket.patch b/SOURCES/0057-PAM-client-only-require-UID-0-for-private-socket.patch deleted file mode 100644 index 0127ff5..0000000 --- a/SOURCES/0057-PAM-client-only-require-UID-0-for-private-socket.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 37780b895199bab991edae6b1eeb91b7b3966bcf Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Thu, 6 Feb 2020 14:50:23 +0100 -Subject: [PATCH 25/25] PAM client: only require UID 0 for private socket -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Some privileged services like e.g. gdm might only call with UID 0 but -with a different GID. This patch removes the GID 0 requirement to access -to private PAM socket so that e.g. gdm can use the wait-for-card option. - -Resolves: https://pagure.io/SSSD/sssd/issue/4159 - -Reviewed-by: Pavel Březina ---- - src/sss_client/common.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/sss_client/common.c b/src/sss_client/common.c -index 270ca8b54..902438c86 100644 ---- a/src/sss_client/common.c -+++ b/src/sss_client/common.c -@@ -910,8 +910,8 @@ int sss_pam_make_request(enum sss_cli_command cmd, - goto out; - } - -- /* only root shall use the privileged pipe */ -- if (getuid() == 0 && getgid() == 0) { -+ /* only UID 0 shall use the privileged pipe */ -+ if (getuid() == 0) { - socket_name = SSS_PAM_PRIV_SOCKET_NAME; - errno = 0; - statret = stat(socket_name, &stat_buf); --- -2.20.1 - diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec index cc5f63f..52bd737 100644 --- a/SPECS/sssd.spec +++ b/SPECS/sssd.spec @@ -23,8 +23,8 @@ %endif Name: sssd -Version: 2.2.0 -Release: 19%{?dist}.1 +Version: 2.2.3 +Release: 20%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ 
@@ -32,63 +32,36 @@ URL: https://pagure.io/SSSD/sssd/ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz ### Patches ### -Patch0001: 0001-MAN-ldap_user_home_directory-default-missing.patch -Patch0002: 0002-PROXY-Return-data-in-output-parameter-if-everything-.patch -Patch0003: 0003-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch -Patch0004: 0004-sudo-use-proper-datetime-for-default-modifyTimestamp.patch -Patch0005: 0005-negcache-add-fq-usernames-of-know-domains-to-all-UPN.patch -Patch0006: 0006-p11_child-prefer-better-digest-function-if-card-supp.patch -Patch0007: 0007-p11_child-fix-a-memory-leak-and-other-memory-mangeme.patch -Patch0008: 0008-man-fix-description-of-dns_resolver_op_timeout.patch -Patch0009: 0009-man-fix-description-of-dns_resolver_timeout.patch -Patch0010: 0010-failover-add-dns_resolver_server_timeout-option.patch -Patch0011: 0011-failover-change-default-timeouts.patch -Patch0012: 0012-config-add-dns_resolver_op_timeout-to-option-list.patch -Patch0013: 0013-pam_sss-Add-missing-colon-to-the-PIN-prompt.patch -Patch0014: 0014-pam-make-sure-p11_child.log-has-the-right-permission.patch -Patch0015: 0015-ssh-make-sure-p11_child.log-has-the-right-permission.patch -Patch0016: 0016-BE-make-sure-child-log-files-have-the-right-permissi.patch -Patch0017: 0017-MAN-Get-rid-of-sssd-secrets-reference.patch -Patch0018: 0018-MAN-Document-that-it-is-enough-to-systemctl-restart-.patch -Patch0019: 0019-SECRETS-Use-different-option-names-from-secrets-and-.patch -Patch0020: 0020-SECRETS-Don-t-limit-the-global-number-of-ccaches.patch -Patch0021: 0021-KCM-Pass-confdb-context-to-the-ccache-db-initializat.patch -Patch0022: 0022-KCM-Configurable-quotas-for-the-secdb-ccache-back-en.patch -Patch0023: 0023-MAN-Document-that-PAM-stack-contains-the-systemd-use.patch -Patch0024: 0024-Don-t-qualify-users-from-files-domain-when-default_d.patch -Patch0025: 0025-pam-fix-loop-in-Smartcard-authentication.patch -Patch0026: 
0026-SYSDB-Add-sysdb_search_with_ts_attr.patch -Patch0027: 0027-BE-search-with-sysdb_search_with_ts_attr.patch -Patch0028: 0028-BE-Enable-refresh-for-multiple-domains.patch -Patch0029: 0029-BE-Make-be_refresh_ctx_init-set-up-the-periodical-ta.patch -Patch0030: 0030-BE-LDAP-Call-be_refresh_ctx_init-in-the-provider-lib.patch -Patch0031: 0031-BE-Pass-in-attribute-to-look-up-with-instead-of-hard.patch -Patch0032: 0032-BE-Change-be_refresh_ctx_init-to-return-errno-and-se.patch -Patch0033: 0033-BE-LDAP-Split-out-a-helper-function-from-sdap_refres.patch -Patch0034: 0034-BE-Pass-in-filter_type-when-creating-the-refresh-acc.patch -Patch0035: 0035-BE-Send-refresh-requests-in-batches.patch -Patch0036: 0036-BE-Extend-be_ptask_create-with-control-when-to-sched.patch -Patch0037: 0037-BE-Schedule-the-refresh-interval-from-the-finish-tim.patch -Patch0038: 0038-AD-Implement-background-refresh-for-AD-domains.patch -Patch0039: 0039-IPA-Implement-background-refresh-for-IPA-domains.patch -Patch0040: 0040-BE-IPA-AD-LDAP-Add-inigroups-refresh-support.patch -Patch0041: 0041-BE-IPA-AD-LDAP-Initialize-the-refresh-callback-from-.patch -Patch0042: 0042-IPA-AD-SDAP-BE-Generate-refresh-callbacks-with-a-mac.patch -Patch0043: 0043-MAN-Amend-the-documentation-for-the-background-refre.patch -Patch0044: 0044-DP-SYSDB-Move-the-code-to-set-initgrExpireTimestamp-.patch -Patch0045: 0045-IPA-AD-LDAP-Increase-the-initgrExpireTimestamp-after.patch -Patch0046: 0046-BE-Introduce-flag-for-be_ptask_create.patch -Patch0047: 0047-BE-Convert-be_ptask-params-to-flags.patch -Patch0048: 0048-DYNDNS-dyndns_update-is-not-enough.patch -Patch0049: 0049-tests-Use-idm-DL1-module-to-install-389-ds.patch -Patch0050: 0050-pam-keep-pin-on-the-PAM-stack-for-forward_pass.patch -Patch0051: 0051-BE-Invalid-oprator-used-in-condition.patch -Patch0052: 0052-TESTS-Sync.-multihost-kcm-tests-with-master.patch -Patch0053: 0053-KCM-Add-a-forgotten-return.patch -Patch0054: 0054-KCM-Allow-modifications-of-ccache-s-principal.patch 
-Patch0055: 0055-KCM-Fill-empty-cache-do-not-initialize-a-new-one.patch -Patch0056: 0056-p11_child-check-if-card-is-present-in-wait_for_card.patch -Patch0057: 0057-PAM-client-only-require-UID-0-for-private-socket.patch +Patch0001: 0001-INI-sssctl-config-check-command-error-messages.patch +Patch0002: 0002-certmap-mention-special-regex-characters-in-man-page.patch +Patch0003: 0003-ldap_child-do-not-try-PKINIT.patch +Patch0004: 0004-util-watchdog-fixed-watchdog-implementation.patch +Patch0005: 0005-providers-krb5-got-rid-of-unused-code.patch +Patch0006: 0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch +Patch0007: 0007-util-server-improved-debug-at-shutdown.patch +Patch0008: 0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch +Patch0009: 0009-sdap-Add-randomness-to-ldap-connection-timeout.patch +Patch0010: 0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch +Patch0011: 0011-ad-add-ad_use_ldaps.patch +Patch0012: 0012-ldap-add-new-option-ldap_sasl_maxssf.patch +Patch0013: 0013-ad-set-min-and-max-ssf-for-ldaps.patch +Patch0014: 0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch +Patch0015: 0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch +Patch0016: 0016-zanata-Pulled-new-translations.patch +Patch0017: 0017-sbus_server-stylistic-rename.patch +Patch0018: 0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch +Patch0019: 0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch +Patch0020: 0020-sss_ptr_hash-removed-redundant-check.patch +Patch0021: 0021-sss_ptr_hash-fixed-memory-leak.patch +Patch0022: 0022-sss_ptr_hash-internal-refactoring.patch +Patch0023: 0023-TESTS-added-sss_ptr_hash-unit-test.patch +Patch0024: 0024-p11_child-check-if-card-is-present-in-wait_for_card.patch +Patch0025: 0025-PAM-client-only-require-UID-0-for-private-socket.patch +Patch0026: 0026-ssh-do-not-mix-different-certificate-lists.patch +Patch0027: 0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch +Patch0028: 
0028-Add-TCP-level-timeout-to-LDAP-services.patch +Patch0029: 0029-sss_sockets-pass-pointer-instead-of-integer.patch +Patch0030: 0030-ssh-fix-matching-rules-default.patch ### Downstream Patches ### @@ -119,6 +92,7 @@ Suggests: sssd-dbus = %{version}-%{release} ### Build Dependencies ### +BuildRequires: make BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -265,6 +239,7 @@ Requires: sssd-common = %{version}-%{release} # required by sss_obfuscate Requires: python3-sss = %{version}-%{release} Requires: python3-sssdconfig = %{version}-%{release} +Recommends: sssd-dbus %description tools Provides userspace tools for manipulating users, groups, and nested groups in @@ -650,6 +625,8 @@ autoreconf -ivf make %{?_smp_mflags} all docs +make -C po ja.gmo +make -C po fr.gmo %check export CK_TIMEOUT_MULTIPLIER=10 @@ -886,6 +863,7 @@ done %{_datadir}/sssd/systemtap/id_perf.stp %{_datadir}/sssd/systemtap/nested_group_perf.stp %{_datadir}/sssd/systemtap/dp_request.stp +%{_datadir}/sssd/systemtap/ldap_perf.stp %dir %{_datadir}/systemtap %dir %{_datadir}/systemtap/tapset %{_datadir}/systemtap/tapset/sssd.stp @@ -902,6 +880,7 @@ done %license COPYING %{_libdir}/%{name}/libsss_ldap.so %{_mandir}/man5/sssd-ldap.5* +%{_mandir}/man5/sssd-ldap-attributes.5* %files krb5-common %defattr(-,root,root,-) 
@@ -1241,10 +1220,85 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog -* Tue Mar 24 2020 Alexey Tikhonov - 2.2.0-19.1 -- Resolves: rhbz#1816591 - p11_child should have an option to skip - C_WaitForSlotEvent if the PKCS#11 module does not - implement it properly [rhel-8.1.0.z] +* Mon Mar 16 2020 Alexey Tikhonov - 2.2.3-19 +- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard + certificate EKU and perform an action based + on value when generating SSH key from a certificate + (additional patch) + +* Fri Mar 13 2020 Alexey Tikhonov - 2.2.3-19 +- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user + information + +* Fri Feb 28 2020 Michal Židek - 2.2.3-18 +- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard + certificate EKU and perform an action based + on value when generating SSH key from a certificate + +* Mon Feb 24 2020 Alexey Tikhonov - 2.2.3-17 +- Resolves: rhbz#1718193 - p11_child should have an option to skip + C_WaitForSlotEvent if the PKCS#11 module + does not implement it properly + +* Mon Feb 17 2020 Alexey Tikhonov - 2.2.3-16 +- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is + omitted and auth_provider is krb5 + +* Wed Feb 12 2020 Michal Židek - 2.2.3-15 +- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization + +* Tue Jan 28 2020 Michal Židek - 2.2.3-14 +- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be + specified up to the seconds + +* Tue Jan 28 2020 Michal Židek - 2.2.3-13 +- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools + +* Tue Jan 28 2020 Michal Židek - 2.2.3-12 +* Resolves: rhbz#1794016 - sssd_be frequent crash + +* Tue Jan 14 2020 Michal Židek - 2.2.3-11 +* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider + +* Tue Jan 14 2020 Michal Židek - 2.2.3-10 +* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap + connection timeout + +* Tue Jan 14 2020 Michal Židek - 
2.2.3-9 +* Resolves: rhbz#1783190 - [abrt] [faf] sssd: + raise(): /usr/libexec/sssd/sssd_autofs killed by 6 + + +* Thu Dec 19 2019 Michal Židek - 2.2.3-8 +* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect + +* Thu Dec 19 2019 Michal Židek - 2.2.3-7 +* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect + +* Sun Dec 15 2019 Michal Židek - 2.2.3-6 +* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized + +* Sun Dec 15 2019 Michal Židek - 2.2.3-5 +* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character + for match rules sss-certmap + +* Thu Dec 12 2019 Michal Židek - 2.2.3-4 +* Resolves: rhbz#1781728 - sssctl config-check command does not give proper + error messages with line numbers + +* Mon Dec 2 2019 Michal Židek - 2.2.3-3 +* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release + Increasing version number to pick latest libldb + +* Sat Nov 30 2019 Michal Židek - 2.2.3-2 +* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release + PART2: Fix gating issue. + +* Sat Nov 30 2019 Michal Židek - 2.2.3-1 +* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release + +* Thu Nov 21 2019 Michal Židek - 2.2.2-1 +* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release * Wed Sep 4 2019 Michal Židek - 2.2.0-19 - Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid
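Review bot: in the src/responder/kcm/kcmsrv_ccache.c hunk of 0054-KCM-Allow-modifications-of-ccache-s-principal.patch, kcm_mod_cc() stores the result of krb5_copy_principal() directly in cc->client without releasing a principal that may already be set, so modifying a ccache that already has a client principal leaks the old one. Free the existing cc->client before the copy, or reject the modification when it is non-NULL. The ownership of mod_ctx->client is also unclear: kcm_mod_ctx_clear() calls krb5_free_principal() on it, but the function is now static and only reached from kcm_mod_ctx_new() right after talloc_zero(), where client is always NULL, while the caller added in 0055 assigns a borrowed pointer (mod_ctx->client = state->princ). A comment on struct kcm_mod_ctx in kcmsrv_ccache.h stating that the field is borrowed would prevent a later double free if the clear function is ever called on a populated context.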
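Review bot: in the kcm_op_initialize_got_byname() hunk of 0055-KCM-Fill-empty-cache-do-not-initialize-a-new-one.patch, the new branch for a ccache without a client principal returns before the existing kcm_cc_access(state->new_cc, state->op_ctx->client) check, so the EACCES path is never evaluated for pre-created caches. If kcm_ccdb_mod_cc_send() already restricts the lookup to caches owned by op_ctx->client, say so in the comment; otherwise move the kcm_cc_get_client_principal() test below the access check so that filling in the principal is subject to the same check as every other initialize path.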
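Review bot: in kcm_op_initialize_fill_princ_done(), added by the @@ -501,6 +512,70 @@ hunk of the 0055 patch, the NULL check after kcm_ccdb_get_default_send() calls tevent_req_error(req, ret), but ret is known to be EOK at that point because the ret != EOK case returned a few lines earlier. tevent_req_error() with an error of 0 does not mark the request as failed, so an allocation failure here leaves the request pending instead of reporting it. Use tevent_req_error(req, ENOMEM), as kcm_op_initialize_fill_princ_step() does for the same condition in this hunk.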
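Review bot: in the kcm_op_initialize_got_default() hunk of the 0055 patch, the error branch after kcm_cc_get_uuid(state->new_cc, dfl_uuid) is only re-indented and still ends in a bare return without tevent_req_error(req, ret), so a failure there never completes the request. Since the lines are being touched anyway, add the tevent_req_error() call before the return. The new trace message also has a typo: "The default ccached was not set" should read "ccache".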
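Review bot: in the kcm_op_set_default_create_step_done() hunk of the 0055 patch, the added DEBUG(SSSDBG_TRACE_FUNC, "The ccache was created, switching to it") has no trailing "\n", unlike every other DEBUG call visible in this patch, so the next log entry will be appended to the same line. Add the newline to the format string.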
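Review bot: in the wait_for_card() hunk of 0056-p11_child-check-if-card-is-present-in-wait_for_card.patch, the rewritten loop only sleeps when C_WaitForSlotEvent() returns CKR_FUNCTION_NOT_SUPPORTED. The commit message says some implementations return even though no card was inserted; for those the call returns CKR_OK, C_GetSlotInfo() reports no token, and the loop immediately calls C_WaitForSlotEvent() again with no delay, which can spin at full CPU for as long as the module keeps returning early. Add a short sleep or backoff on the CKR_OK path when CKF_TOKEN_PRESENT is not set. The loop also has no exit other than a present token or an error, and a comment stating that the caller is expected to bound the wait would help.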
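Review bot: in the sss_pam_make_request() hunk of 0057-PAM-client-only-require-UID-0-for-private-socket.patch, dropping getgid() == 0 changes only the client side (the diffstat lists src/sss_client/common.c alone), so a process with UID 0 and a non-root GID will now select SSS_PAM_PRIV_SOCKET_NAME. The commit message should state that the responder's check on connections to the private socket already accepts UID 0 with any GID; if it does not, callers such as gdm will pick the private socket and be refused instead of falling back to the public one. The new comment could also say that the test is on the real UID from getuid(), not the effective UID, since that is the boundary this branch enforces.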
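Review bot: in the %changelog hunk of SPECS/sssd.spec, the newest entries do not match the Release tag set earlier in this diff: Release is bumped to 20%{?dist}, but the top two entries (Mar 16 2020 and Mar 13 2020) are both labelled 2.2.3-19 and there is no 2.2.3-20 entry. Give the Mar 16 entry the 2.2.3-20 version so the changelog matches the built NVR. In the same hunk the entries from 2.2.3-12 down to 2.2.2-1 start their body with "* Resolves:" where the rest of the changelog uses "- Resolves:"; the asterisk is the entry-header marker in a spec changelog, so these should use the dash as well.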